3e073e5723fe27d7d6e4197a5a1a3639fb078fd58a43d27f1f6c395106220c24

Analysis

max time kernel
118s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
17/06/2024, 05:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f8a3b5ff2c6a5fa04cbefb77bb86560_NeikiAnalytics.exe
Size

468KB
MD5

4f8a3b5ff2c6a5fa04cbefb77bb86560
SHA1

4c6335f87eba30a41e8678d4cf0e66b7c14fcd62
SHA256

3e073e5723fe27d7d6e4197a5a1a3639fb078fd58a43d27f1f6c395106220c24
SHA512

9fbef2bfb8a6c71408799d11adb67f9d540452993202e2013e7067ce3cc7bd0279becc4872ed9381ef342bc04e449a33b3f67e0f4276aef47acf608463d2d1cf
SSDEEP

3072:ubAKogIdh05YtbYJPzcjffb/EChXPIplnmHCxVh14DdLXZ7uckXW:ub9o58YtOP4jffL0fH4DZp7uc

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2644	Unicorn-4183.exe
2444	Unicorn-61080.exe
4836	Unicorn-24686.exe
856	Unicorn-45616.exe
5096	Unicorn-45616.exe
2284	Unicorn-6621.exe
4776	Unicorn-58423.exe
3060	Unicorn-39664.exe
4400	Unicorn-12206.exe
1040	Unicorn-7567.exe
4808	Unicorn-48408.exe
3108	Unicorn-48408.exe
5080	Unicorn-42278.exe
3488	Unicorn-28542.exe
3916	Unicorn-48143.exe
2360	Unicorn-27360.exe
2560	Unicorn-11023.exe
4724	Unicorn-29205.exe
3512	Unicorn-16046.exe
3828	Unicorn-41784.exe
4108	Unicorn-30662.exe
3180	Unicorn-50528.exe
4116	Unicorn-42095.exe
2296	Unicorn-25832.exe
3528	Unicorn-5774.exe
2516	Unicorn-1135.exe
3024	Unicorn-19509.exe
2640	Unicorn-46807.exe
4056	Unicorn-16709.exe
2576	Unicorn-25640.exe
1896	Unicorn-27944.exe
2380	Unicorn-18550.exe
3756	Unicorn-54752.exe
3856	Unicorn-18550.exe
888	Unicorn-56598.exe
2764	Unicorn-62728.exe
1380	Unicorn-62728.exe
3576	Unicorn-46127.exe
724	Unicorn-5935.exe
4520	Unicorn-59583.exe
4224	Unicorn-50263.exe
1100	Unicorn-29672.exe
3236	Unicorn-54176.exe
2044	Unicorn-4975.exe
1340	Unicorn-45846.exe
3608	Unicorn-26709.exe
5040	Unicorn-48447.exe
2456	Unicorn-21917.exe
2720	Unicorn-11327.exe
4156	Unicorn-19496.exe
2316	Unicorn-23366.exe
1740	Unicorn-15198.exe
1516	Unicorn-59568.exe
2600	Unicorn-51208.exe
2872	Unicorn-53246.exe
3952	Unicorn-59111.exe
2736	Unicorn-33910.exe
4572	Unicorn-39510.exe
5036	Unicorn-5079.exe
4652	Unicorn-54856.exe
2580	Unicorn-54664.exe
2700	Unicorn-30160.exe
3216	Unicorn-42966.exe
3760	Unicorn-23912.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
3036	17180	WerFault.exe	864
11468	15280	WerFault.exe	736
1420	464	WerFault.exe	749
16492	16248	WerFault.exe	791
16132	8388	WerFault.exe	371

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	224	dwm.exe
Token: SeChangeNotifyPrivilege	224	dwm.exe
Token: 33	224	dwm.exe
Token: SeIncBasePriorityPrivilege	224	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1428	4f8a3b5ff2c6a5fa04cbefb77bb86560_NeikiAnalytics.exe
2644	Unicorn-4183.exe
2444	Unicorn-61080.exe
4836	Unicorn-24686.exe
5096	Unicorn-45616.exe
2284	Unicorn-6621.exe
856	Unicorn-45616.exe
4776	Unicorn-58423.exe
3060	Unicorn-39664.exe
4400	Unicorn-12206.exe
1040	Unicorn-7567.exe
4808	Unicorn-48408.exe
5080	Unicorn-42278.exe
3916	Unicorn-48143.exe
3488	Unicorn-28542.exe
3108	Unicorn-48408.exe
2360	Unicorn-27360.exe
2560	Unicorn-11023.exe
4724	Unicorn-29205.exe
3512	Unicorn-16046.exe
3828	Unicorn-41784.exe
4108	Unicorn-30662.exe
4116	Unicorn-42095.exe
3180	Unicorn-50528.exe
2576	Unicorn-25640.exe
3528	Unicorn-5774.exe
2640	Unicorn-46807.exe
4056	Unicorn-16709.exe
2296	Unicorn-25832.exe
3024	Unicorn-19509.exe
2516	Unicorn-1135.exe
1896	Unicorn-27944.exe
3756	Unicorn-54752.exe
2380	Unicorn-18550.exe
888	Unicorn-56598.exe
3856	Unicorn-18550.exe
1380	Unicorn-62728.exe
2764	Unicorn-62728.exe
3576	Unicorn-46127.exe
724	Unicorn-5935.exe
4520	Unicorn-59583.exe
4224	Unicorn-50263.exe
3236	Unicorn-54176.exe
2044	Unicorn-4975.exe
1340	Unicorn-45846.exe
3608	Unicorn-26709.exe
5040	Unicorn-48447.exe
2456	Unicorn-21917.exe
2720	Unicorn-11327.exe
4156	Unicorn-19496.exe
2316	Unicorn-23366.exe
1740	Unicorn-15198.exe
1516	Unicorn-59568.exe
2600	Unicorn-51208.exe
2872	Unicorn-53246.exe
3952	Unicorn-59111.exe
4572	Unicorn-39510.exe
2736	Unicorn-33910.exe
5036	Unicorn-5079.exe
4652	Unicorn-54856.exe
2700	Unicorn-30160.exe
2580	Unicorn-54664.exe
3764	Unicorn-15744.exe
3760	Unicorn-23912.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 2644	1428	4f8a3b5ff2c6a5fa04cbefb77bb86560_NeikiAnalytics.exe	85
PID 1428 wrote to memory of 2644	1428	4f8a3b5ff2c6a5fa04cbefb77bb86560_NeikiAnalytics.exe	85
PID 1428 wrote to memory of 2644	1428	4f8a3b5ff2c6a5fa04cbefb77bb86560_NeikiAnalytics.exe	85
PID 2644 wrote to memory of 2444	2644	Unicorn-4183.exe	86
PID 2644 wrote to memory of 2444	2644	Unicorn-4183.exe	86
PID 2644 wrote to memory of 2444	2644	Unicorn-4183.exe	86
PID 1428 wrote to memory of 4836	1428	4f8a3b5ff2c6a5fa04cbefb77bb86560_NeikiAnalytics.exe	87
PID 1428 wrote to memory of 4836	1428	4f8a3b5ff2c6a5fa04cbefb77bb86560_NeikiAnalytics.exe	87
PID 1428 wrote to memory of 4836	1428	4f8a3b5ff2c6a5fa04cbefb77bb86560_NeikiAnalytics.exe	87
PID 2444 wrote to memory of 856	2444	Unicorn-61080.exe	88
PID 2444 wrote to memory of 856	2444	Unicorn-61080.exe	88
PID 2444 wrote to memory of 856	2444	Unicorn-61080.exe	88
PID 4836 wrote to memory of 5096	4836	Unicorn-24686.exe	89
PID 4836 wrote to memory of 5096	4836	Unicorn-24686.exe	89
PID 4836 wrote to memory of 5096	4836	Unicorn-24686.exe	89
PID 1428 wrote to memory of 2284	1428	4f8a3b5ff2c6a5fa04cbefb77bb86560_NeikiAnalytics.exe	90
PID 1428 wrote to memory of 2284	1428	4f8a3b5ff2c6a5fa04cbefb77bb86560_NeikiAnalytics.exe	90
PID 1428 wrote to memory of 2284	1428	4f8a3b5ff2c6a5fa04cbefb77bb86560_NeikiAnalytics.exe	90
PID 2644 wrote to memory of 4776	2644	Unicorn-4183.exe	91
PID 2644 wrote to memory of 4776	2644	Unicorn-4183.exe	91
PID 2644 wrote to memory of 4776	2644	Unicorn-4183.exe	91
PID 5096 wrote to memory of 3060	5096	Unicorn-45616.exe	92
PID 5096 wrote to memory of 3060	5096	Unicorn-45616.exe	92
PID 5096 wrote to memory of 3060	5096	Unicorn-45616.exe	92
PID 4836 wrote to memory of 4400	4836	Unicorn-24686.exe	93
PID 4836 wrote to memory of 4400	4836	Unicorn-24686.exe	93
PID 4836 wrote to memory of 4400	4836	Unicorn-24686.exe	93
PID 2284 wrote to memory of 1040	2284	Unicorn-6621.exe	94
PID 2284 wrote to memory of 1040	2284	Unicorn-6621.exe	94
PID 2284 wrote to memory of 1040	2284	Unicorn-6621.exe	94
PID 856 wrote to memory of 4808	856	Unicorn-45616.exe	96
PID 856 wrote to memory of 4808	856	Unicorn-45616.exe	96
PID 856 wrote to memory of 4808	856	Unicorn-45616.exe	96
PID 4776 wrote to memory of 3108	4776	Unicorn-58423.exe	97
PID 4776 wrote to memory of 3108	4776	Unicorn-58423.exe	97
PID 4776 wrote to memory of 3108	4776	Unicorn-58423.exe	97
PID 2644 wrote to memory of 5080	2644	Unicorn-4183.exe	99
PID 2644 wrote to memory of 5080	2644	Unicorn-4183.exe	99
PID 2644 wrote to memory of 5080	2644	Unicorn-4183.exe	99
PID 2444 wrote to memory of 3488	2444	Unicorn-61080.exe	98
PID 2444 wrote to memory of 3488	2444	Unicorn-61080.exe	98
PID 2444 wrote to memory of 3488	2444	Unicorn-61080.exe	98
PID 1428 wrote to memory of 3916	1428	4f8a3b5ff2c6a5fa04cbefb77bb86560_NeikiAnalytics.exe	95
PID 1428 wrote to memory of 3916	1428	4f8a3b5ff2c6a5fa04cbefb77bb86560_NeikiAnalytics.exe	95
PID 1428 wrote to memory of 3916	1428	4f8a3b5ff2c6a5fa04cbefb77bb86560_NeikiAnalytics.exe	95
PID 3060 wrote to memory of 2360	3060	Unicorn-39664.exe	100
PID 3060 wrote to memory of 2360	3060	Unicorn-39664.exe	100
PID 3060 wrote to memory of 2360	3060	Unicorn-39664.exe	100
PID 4400 wrote to memory of 2560	4400	Unicorn-12206.exe	101
PID 4400 wrote to memory of 2560	4400	Unicorn-12206.exe	101
PID 4400 wrote to memory of 2560	4400	Unicorn-12206.exe	101
PID 4836 wrote to memory of 4724	4836	Unicorn-24686.exe	102
PID 4836 wrote to memory of 4724	4836	Unicorn-24686.exe	102
PID 4836 wrote to memory of 4724	4836	Unicorn-24686.exe	102
PID 5096 wrote to memory of 3512	5096	Unicorn-45616.exe	103
PID 5096 wrote to memory of 3512	5096	Unicorn-45616.exe	103
PID 5096 wrote to memory of 3512	5096	Unicorn-45616.exe	103
PID 1040 wrote to memory of 3828	1040	Unicorn-7567.exe	104
PID 1040 wrote to memory of 3828	1040	Unicorn-7567.exe	104
PID 1040 wrote to memory of 3828	1040	Unicorn-7567.exe	104
PID 2284 wrote to memory of 4108	2284	Unicorn-6621.exe	105
PID 2284 wrote to memory of 4108	2284	Unicorn-6621.exe	105
PID 2284 wrote to memory of 4108	2284	Unicorn-6621.exe	105
PID 5080 wrote to memory of 3180	5080	Unicorn-42278.exe	106

C:\Users\Admin\AppData\Local\Temp\4f8a3b5ff2c6a5fa04cbefb77bb86560_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4f8a3b5ff2c6a5fa04cbefb77bb86560_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4183.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4183.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61080.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45616.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44311.exe
        7⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10087.exe
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        9⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        9⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        9⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        8⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        8⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
        8⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
        7⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        7⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
        7⤵
        
        PID:17180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        7⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        7⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
        8⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38555.exe
        9⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28672.exe
        8⤵
        
        PID:11780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
        9⤵
        
        PID:17168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
        9⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
        8⤵
        
        PID:16892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        8⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31259.exe
        8⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        7⤵
        
        PID:15528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
        6⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
        7⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        8⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        8⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
        8⤵
        
        PID:16444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
        8⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
        8⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        7⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12992.exe
        7⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59127.exe
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24451.exe
        7⤵
        
        PID:15644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60374.exe
        6⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39267.exe
        7⤵
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20561.exe
        7⤵
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        6⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49211.exe
        6⤵
        
        PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
        6⤵
        Executes dropped EXE
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34680.exe
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        8⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7327.exe
        9⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
        10⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        9⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        8⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        8⤵
        
        PID:16260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52203.exe
        8⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        8⤵
        
        PID:16568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        8⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26474.exe
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1680.exe
        7⤵
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        7⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        6⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
        7⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
        7⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59074.exe
        7⤵
        
        PID:17352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46289.exe
        7⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64598.exe
        6⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
        7⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        6⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60601.exe
        6⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        6⤵
        
        PID:17356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47648.exe
        6⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29704.exe
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        8⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
        8⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        7⤵
        
        PID:11868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17509.exe
        6⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        6⤵
        
        PID:14260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
        6⤵
        
        PID:14860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        5⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
        6⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
        7⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10713.exe
        7⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51082.exe
        7⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10018.exe
        7⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        6⤵
        
        PID:14816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        6⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42294.exe
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
        6⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
        5⤵
        
        PID:9920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7394.exe
        5⤵
        
        PID:15472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        5⤵
        
        PID:15824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exe
        5⤵
        
        PID:15456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28542.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1135.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19496.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5375.exe
        7⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42376.exe
        8⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        9⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        9⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        9⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        8⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41849.exe
        8⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        7⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        8⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        9⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        8⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        7⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15328.exe
        7⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8513.exe
        7⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        6⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        8⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        8⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
        8⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        7⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        7⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37310.exe
        6⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        7⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        7⤵
        
        PID:15256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        6⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31176.exe
        6⤵
        
        PID:15624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        6⤵
        
        PID:14172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
        6⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
        7⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
        8⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        9⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        9⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
        8⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        8⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35198.exe
        7⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        7⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        7⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        7⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48551.exe
        6⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        7⤵
        
        PID:12660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        7⤵
        
        PID:16432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34341.exe
        6⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37434.exe
        6⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12416.exe
        6⤵
        
        PID:15148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63630.exe
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        7⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
        7⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10133.exe
        6⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        6⤵
        
        PID:15020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1758.exe
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        6⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        6⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27509.exe
        5⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47505.exe
        5⤵
        
        PID:15592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19509.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59568.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38240.exe
        6⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42376.exe
        7⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
        8⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
        9⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        8⤵
        
        PID:13100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3682.exe
        8⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        7⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        7⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        7⤵
        
        PID:16448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18186.exe
        7⤵
        
        PID:15416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
        6⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        7⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        7⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
        7⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
        6⤵
        
        PID:15396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        6⤵
        
        PID:17388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10014.exe
        5⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55168.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        8⤵
        
        PID:16920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        7⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        7⤵
        
        PID:15824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
        7⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
        7⤵
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        7⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44151.exe
        6⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47417.exe
        6⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        6⤵
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37625.exe
        6⤵
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25248.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        6⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        5⤵
        
        PID:9320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
        5⤵
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
        5⤵
        
        PID:17164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59111.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
        5⤵
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        6⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        8⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33905.exe
        8⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
        7⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16280.exe
        6⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17509.exe
        5⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62675.exe
        6⤵
        
        PID:12292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        6⤵
        
        PID:17104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
        6⤵
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3105.exe
        5⤵
        
        PID:13528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        5⤵
        
        PID:15952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36133.exe
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5391.exe
        6⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        6⤵
        
        PID:11916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2350.exe
        5⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49913.exe
        5⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10440.exe
        5⤵
        
        PID:17180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17180 -s 80
        6⤵
        Program crash
        
        PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
      4⤵
      PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-695.exe
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        5⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55993.exe
        5⤵
        
        PID:17288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10743.exe
      4⤵
      PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51400.exe
      4⤵
      PID:15512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59583.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
        6⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        7⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18568.exe
        8⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        8⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
        8⤵
        
        PID:16860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55609.exe
        8⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
        8⤵
        
        PID:15500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        7⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
        6⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36154.exe
        6⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        5⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        6⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64488.exe
        7⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        7⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
        6⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50299.exe
        7⤵
        
        PID:16612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35210.exe
        7⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        6⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        6⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47152.exe
        6⤵
        
        PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41063.exe
        5⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
        6⤵
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        6⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52014.exe
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62114.exe
        5⤵
        
        PID:14708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22978.exe
        5⤵
        
        PID:684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44311.exe
        5⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57368.exe
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
        7⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13801.exe
        7⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-122.exe
        7⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        6⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        6⤵
        
        PID:16284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
        5⤵
        
        PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        5⤵
        
        PID:17136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42288.exe
        5⤵
        
        PID:16416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53246.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21712.exe
        5⤵
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
        6⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
        7⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        7⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
        7⤵
        
        PID:16432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
        7⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
        7⤵
        
        PID:17272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
        6⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        7⤵
        
        PID:13120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49529.exe
        6⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19577.exe
        6⤵
        
        PID:16488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        6⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        6⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        6⤵
        
        PID:16512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
        5⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7169.exe
        5⤵
        
        PID:15576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44799.exe
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29704.exe
        6⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56547.exe
        7⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3536.exe
        7⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        6⤵
        
        PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
        5⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        5⤵
        
        PID:11912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32397.exe
      4⤵
      PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40768.exe
        5⤵
        
        PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
        5⤵
        
        PID:15140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31304.exe
        5⤵
        
        PID:15972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        5⤵
        
        PID:17320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57970.exe
        5⤵
        
        PID:6968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35478.exe
      4⤵
      PID:10908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13642.exe
      4⤵
      PID:14904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
      4⤵
      PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54176.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
        6⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39880.exe
        7⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12526.exe
        8⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        9⤵
        
        PID:16248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16248 -s 464
        10⤵
        Program crash
        
        PID:16492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
        8⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59074.exe
        8⤵
        
        PID:17364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16369.exe
        7⤵
        
        PID:15936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        7⤵
        
        PID:16908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5882.exe
        8⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        8⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
        8⤵
        
        PID:17052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58082.exe
        7⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
        7⤵
        
        PID:17212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40162.exe
        7⤵
        
        PID:17036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        6⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        6⤵
        
        PID:17176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44695.exe
        5⤵
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41570.exe
        7⤵
        
        PID:15932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        6⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        6⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
        6⤵
        
        PID:14564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
        5⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30963.exe
        6⤵
        
        PID:12988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
        6⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44151.exe
        5⤵
        
        PID:10960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40017.exe
        5⤵
        
        PID:13672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39480.exe
        5⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1919.exe
        6⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
        7⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38306.exe
        7⤵
        
        PID:15280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15280 -s 452
        8⤵
        Program crash
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        6⤵
        
        PID:10544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7119.exe
        6⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
        6⤵
        
        PID:12712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        6⤵
        
        PID:16932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        5⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        6⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
        5⤵
        
        PID:13076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
      4⤵
      PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12303.exe
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25584.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        6⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        5⤵
        
        PID:10504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        5⤵
        
        PID:15728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        5⤵
        
        PID:7136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
      4⤵
      PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36283.exe
        5⤵
        
        PID:17392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18873.exe
        5⤵
        
        PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28361.exe
      4⤵
      PID:12148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35267.exe
      4⤵
      PID:17084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
      4⤵
      Executes dropped EXE
      PID:1100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe
      4⤵
      PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50824.exe
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13889.exe
        6⤵
        
        PID:14148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56523.exe
        6⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        5⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12161.exe
        5⤵
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11969.exe
        5⤵
        
        PID:16544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
        5⤵
        
        PID:15632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
      4⤵
      PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34238.exe
        5⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        6⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
        5⤵
        
        PID:12156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
        5⤵
        
        PID:17016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
        5⤵
        
        PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
      4⤵
      PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        5⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        5⤵
        
        PID:14636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6656.exe
      4⤵
      PID:10860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
      4⤵
      PID:15952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26709.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31312.exe
      4⤵
      PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42952.exe
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        6⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
        6⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        5⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15202.exe
        6⤵
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
        6⤵
        
        PID:16456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
        5⤵
        
        PID:13856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17509.exe
      4⤵
      PID:9472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56547.exe
        5⤵
        
        PID:16232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12233.exe
      4⤵
      PID:11312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
    3⤵
    PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        5⤵
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        5⤵
        
        PID:16480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2158.exe
      4⤵
      PID:9032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
      4⤵
      PID:13056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20623.exe
    3⤵
    PID:7252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
    3⤵
    PID:10616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20601.exe
    3⤵
    PID:15868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45616.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45616.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27944.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14119.exe
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51504.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
        10⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30312.exe
        10⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29178.exe
        10⤵
        
        PID:16464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
        9⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30312.exe
        9⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29178.exe
        9⤵
        
        PID:16540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17509.exe
        8⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        8⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
        8⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        9⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        9⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        8⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
        8⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37984.exe
        7⤵
        
        PID:12976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
        6⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
        7⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        8⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
        9⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
        9⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
        8⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        8⤵
        
        PID:16872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        7⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46650.exe
        7⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30280.exe
        7⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7424.exe
        7⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
        6⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        8⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        8⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58082.exe
        7⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        8⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
        7⤵
        
        PID:17200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
        6⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35497.exe
        6⤵
        
        PID:16960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
        6⤵
        
        PID:17136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
        7⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        8⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24520.exe
        9⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        9⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21592.exe
        9⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        8⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        9⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        8⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4549.exe
        7⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        8⤵
        
        PID:13240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
        8⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        7⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36656.exe
        7⤵
        
        PID:17224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15113.exe
        7⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
        6⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42376.exe
        7⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
        8⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51745.exe
        8⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7983.exe
        8⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        7⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        7⤵
        
        PID:14752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
        6⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
        7⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        7⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58451.exe
        7⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        7⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25872.exe
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        6⤵
        
        PID:16952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17781.exe
        5⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41328.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        8⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exe
        8⤵
        
        PID:15172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
        7⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23888.exe
        7⤵
        
        PID:14480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        6⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-695.exe
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37625.exe
        7⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40049.exe
        7⤵
        
        PID:16552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43042.exe
        7⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9456.exe
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59058.exe
        6⤵
        
        PID:14352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7902.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        6⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        5⤵
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        5⤵
        
        PID:14308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
        5⤵
        
        PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16046.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
        6⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34680.exe
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57856.exe
        8⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        9⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        9⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16382.exe
        8⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65218.exe
        8⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49507.exe
        8⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        7⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26474.exe
        7⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        7⤵
        
        PID:17308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        7⤵
        
        PID:17300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
        6⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        7⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
        8⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        8⤵
        
        PID:16792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14960.exe
        8⤵
        
        PID:16952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        7⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        7⤵
        
        PID:15540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        6⤵
        
        PID:13700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45371.exe
        6⤵
        
        PID:17132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        6⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52863.exe
        5⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
        7⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        7⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        7⤵
        
        PID:16660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        6⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
        6⤵
        
        PID:16816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35198.exe
        5⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        6⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        6⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1802.exe
        6⤵
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44151.exe
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
        5⤵
        
        PID:14388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        6⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exe
        7⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
        8⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2545.exe
        8⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        7⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        7⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        6⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63827.exe
        7⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
        8⤵
        
        PID:17144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        8⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63174.exe
        6⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15529.exe
        6⤵
        
        PID:15504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        6⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        7⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        7⤵
        
        PID:13104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
        6⤵
        
        PID:9244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        6⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28565.exe
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        6⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
        5⤵
        
        PID:15492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54553.exe
        5⤵
        
        PID:216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7118.exe
      4⤵
      PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39880.exe
        5⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
        6⤵
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16958.exe
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47417.exe
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        6⤵
        
        PID:16532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
        5⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37905.exe
        5⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        5⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
        5⤵
        
        PID:15688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
        5⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-311.exe
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        6⤵
        
        PID:14472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        6⤵
        
        PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61258.exe
        5⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18512.exe
        5⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        5⤵
        
        PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
      4⤵
      PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        5⤵
        
        PID:13232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
      4⤵
      PID:10580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
      4⤵
      PID:15320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
      4⤵
      PID:3032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12206.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11023.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54752.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3455.exe
        8⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
        9⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26736.exe
        10⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16681.exe
        9⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34745.exe
        9⤵
        
        PID:16948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
        8⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        8⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
        8⤵
        
        PID:16532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        7⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        8⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        9⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exe
        8⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe
        8⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        7⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7736.exe
        7⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44872.exe
        7⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15111.exe
        8⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        8⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16112.exe
        8⤵
        
        PID:16884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
        7⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
        7⤵
        
        PID:14680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10682.exe
        7⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        7⤵
        
        PID:16920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17568.exe
        7⤵
        
        PID:17192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
        6⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
        6⤵
        
        PID:15712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
        6⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
        6⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54433.exe
        6⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        6⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
        6⤵
        
        PID:15328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31743.exe
        5⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        5⤵
        
        PID:7900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
        5⤵
        
        PID:17352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5479.exe
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        7⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
        6⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53193.exe
        6⤵
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe
        6⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
        5⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18816.exe
        6⤵
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3977.exe
        5⤵
        
        PID:16532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
      4⤵
      PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        5⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-122.exe
        6⤵
        
        PID:15076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        6⤵
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65391.exe
        5⤵
        
        PID:11104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7552.exe
        5⤵
        
        PID:15388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
      4⤵
      PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        5⤵
        
        PID:15636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28361.exe
      4⤵
      PID:12140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35267.exe
      4⤵
      PID:17076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29205.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53735.exe
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
        6⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        7⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        7⤵
        
        PID:16012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16766.exe
        6⤵
        
        PID:11204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9664.exe
        6⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39998.exe
        5⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        6⤵
        
        PID:12348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55042.exe
        6⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16889.exe
        6⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
        5⤵
        
        PID:11140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36656.exe
        5⤵
        
        PID:17236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1462.exe
      4⤵
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        6⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        6⤵
        
        PID:15324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
        6⤵
        
        PID:16512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        5⤵
        
        PID:8892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30418.exe
        5⤵
        
        PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-974.exe
      4⤵
      PID:9456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52811.exe
        5⤵
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28232.exe
        5⤵
        
        PID:16008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
      4⤵
      PID:13252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
      4⤵
      PID:2004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46127.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        6⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
        7⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        6⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23888.exe
        6⤵
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
        6⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48374.exe
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        5⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        5⤵
        
        PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        5⤵
        
        PID:7196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13766.exe
      4⤵
      PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46128.exe
        5⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        6⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        6⤵
        
        PID:15148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
        6⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22232.exe
        5⤵
        
        PID:12192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2177.exe
        5⤵
        
        PID:17108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
        5⤵
        
        PID:14460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25877.exe
      4⤵
      PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
      4⤵
      PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46385.exe
      4⤵
      PID:14784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63798.exe
    3⤵
    PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
      4⤵
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
        5⤵
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        5⤵
        
        PID:13536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
      4⤵
      PID:8696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
      4⤵
      PID:14500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
      4⤵
      PID:6896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
    3⤵
    PID:720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
      4⤵
      PID:10020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
      4⤵
      PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
      4⤵
      PID:15924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36016.exe
    3⤵
    PID:10968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51400.exe
    3⤵
    PID:15544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58642.exe
    3⤵
    PID:16900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
    3⤵
    PID:16540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15744.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        8⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        9⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
        9⤵
        
        PID:15960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10937.exe
        9⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65391.exe
        8⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7552.exe
        8⤵
        
        PID:15420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
        8⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26262.exe
        7⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2231.exe
        8⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
        8⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61153.exe
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        7⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7177.exe
        7⤵
        
        PID:16404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        7⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
        6⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34696.exe
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        8⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27651.exe
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40310.exe
        7⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16401.exe
        7⤵
        
        PID:16300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        6⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        7⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        7⤵
        
        PID:16716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        7⤵
        
        PID:16484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        6⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        6⤵
        
        PID:14360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        6⤵
        
        PID:17092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
        5⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55168.exe
        7⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47625.exe
        7⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
        6⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        7⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
        7⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47417.exe
        6⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31053.exe
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59410.exe
        5⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21193.exe
        5⤵
        
        PID:17140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56584.exe
        5⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
        6⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
        7⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe
        8⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13889.exe
        7⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47233.exe
        7⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5913.exe
        7⤵
        
        PID:16488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
        7⤵
        
        PID:15616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        6⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        6⤵
        
        PID:15752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7657.exe
        6⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
        5⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
        6⤵
        
        PID:12736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-238.exe
        5⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        6⤵
        
        PID:15968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        6⤵
        
        PID:16376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        5⤵
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        5⤵
        
        PID:16476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15197.exe
      4⤵
      PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        5⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        6⤵
        
        PID:13128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
        6⤵
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        5⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        5⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54265.exe
        5⤵
        
        PID:16008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
        5⤵
        
        PID:7672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
      4⤵
      PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
        6⤵
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        5⤵
        
        PID:15992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10789.exe
      4⤵
      PID:11096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53754.exe
      4⤵
      PID:15408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4975.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24296.exe
        5⤵
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        6⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        7⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        6⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        6⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
        6⤵
        
        PID:16924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        5⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        6⤵
        
        PID:14212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 720
        6⤵
        Program crash
        
        PID:16132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        5⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33873.exe
        5⤵
        
        PID:17316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
        5⤵
        
        PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1462.exe
      4⤵
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        6⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        6⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        5⤵
        
        PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        5⤵
        
        PID:10736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35198.exe
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        5⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        5⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe
        5⤵
        
        PID:16616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44151.exe
      4⤵
      PID:10952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
      4⤵
      PID:14372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5913.exe
      4⤵
      PID:17232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21917.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64560.exe
      4⤵
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
        6⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        7⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56755.exe
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33992.exe
        7⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26856.exe
        6⤵
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        5⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        5⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
        5⤵
        
        PID:7228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        5⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26459.exe
        6⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37625.exe
        5⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56186.exe
        5⤵
        
        PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13781.exe
      4⤵
      PID:10884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
      4⤵
      PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exe
      4⤵
      PID:5072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
    3⤵
    PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34592.exe
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        5⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
        5⤵
        
        PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46289.exe
        5⤵
        
        PID:12444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
      4⤵
      PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
      4⤵
      PID:14484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17405.exe
    3⤵
    PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
      4⤵
      PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
      4⤵
      PID:14892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
    3⤵
    PID:11076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
    3⤵
    PID:464
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 464 -s 468
      4⤵
      Program crash
      PID:1420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48143.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48143.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25640.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
        6⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        7⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        6⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53489.exe
        6⤵
        
        PID:16844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        5⤵
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37984.exe
        5⤵
        
        PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42210.exe
        5⤵
        
        PID:6644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
        5⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29704.exe
        6⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        6⤵
        
        PID:11968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        6⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
        6⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        5⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        6⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        6⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63585.exe
        6⤵
        
        PID:15492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        5⤵
        
        PID:12172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20205.exe
      4⤵
      PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64403.exe
        5⤵
        
        PID:13196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
      4⤵
      PID:11068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
      4⤵
      PID:15380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21328.exe
      4⤵
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57176.exe
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29704.exe
        6⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        6⤵
        
        PID:11792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        6⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        6⤵
        
        PID:15444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
        5⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        5⤵
        
        PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
      4⤵
      PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        5⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        5⤵
        
        PID:14612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe
      4⤵
      PID:10824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
      4⤵
      PID:15916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
    3⤵
    PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12526.exe
      4⤵
      PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        5⤵
        
        PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
      4⤵
      PID:14120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3224.exe
      4⤵
      PID:464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
    3⤵
    PID:5664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
    3⤵
    PID:12208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35497.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35497.exe
    3⤵
    PID:17044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51208.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
      4⤵
      PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
        5⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39054.exe
        6⤵
        
        PID:9576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
        6⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        5⤵
        
        PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
      4⤵
      PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
        5⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42634.exe
        5⤵
        
        PID:16472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        5⤵
        
        PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
      4⤵
      PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39266.exe
      4⤵
      PID:15772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23408.exe
      4⤵
      PID:17100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
    3⤵
    PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59480.exe
      4⤵
      PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        5⤵
        
        PID:8712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        5⤵
        
        PID:12684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20606.exe
      4⤵
      PID:9256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
      4⤵
      PID:12784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
    3⤵
    PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39616.exe
      4⤵
      PID:10004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
      4⤵
      PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
      4⤵
      PID:15568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
    3⤵
    PID:10452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
    3⤵
    PID:15648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
    3⤵
    PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9703.exe
      4⤵
      PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54208.exe
        5⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        5⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        5⤵
        
        PID:16452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
        5⤵
        
        PID:7304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10902.exe
      4⤵
      PID:9212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
      4⤵
      PID:12260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
    3⤵
    PID:6952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
      4⤵
      PID:15216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
    3⤵
    PID:9448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7169.exe
    3⤵
    PID:15584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36664.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36664.exe
  2⤵
  PID:5228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
    3⤵
    PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
      4⤵
      PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
      4⤵
      PID:11348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
    3⤵
    PID:10224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
    3⤵
    PID:14416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47049.exe
    3⤵
    PID:13248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
  2⤵
  PID:5612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
    3⤵
    PID:13092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
    3⤵
    PID:6692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
  2⤵
  PID:10984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe
  2⤵
  PID:14448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
  2⤵
  PID:16636

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 528 -p 2060 -ip 2060
1⤵
PID:17200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 15420 -ip 15420
1⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 15572 -ip 15572
1⤵
PID:17252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 15140 -ip 15140
1⤵
PID:16816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 16248 -ip 16248
1⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 15584 -ip 15584
1⤵
PID:14324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 14808 -ip 14808
1⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 15624 -ip 15624
1⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 8944 -ip 8944
1⤵
PID:2636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 6952 -ip 6952
1⤵
PID:17272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 4272 -ip 4272
1⤵
PID:3032

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11023.exe

Filesize
468KB

MD5
a6bbedbf8cb009d71c96b31a85cb4fe0

SHA1
ece33edc08ef16fc779a255515fb424b2893eeb6

SHA256
b38125b099bfb69e3ca75cd8e815904e01c703cd25bb5f724c94c0951c473b56

SHA512
b0e9b28495c8fe6e2e22c87a4bcf039f0bb89af160964d516cc1958e8a47addc9f25fd69777ccb9eba108b79921c6b20339830733ea2ae2008e2bf0314fa409a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe

Filesize
468KB

MD5
6f31094fc1bdade12a8260c1461dc9d5

SHA1
d49261b126617842aa3fba9802c643ebcd98f204

SHA256
cfd56a3fe89eb7260482784d9ddd462723433a1da4a838df9256f7f7235a4233

SHA512
c15d4e058f19bd6f6839defe3cb6df357776ce45d984cffc178d335e0b50d3b22bcd95a53c72041598ce8d7d3fe6e209dd9949078c8c0ae48e1954d4b61aa99f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1135.exe

Filesize
468KB

MD5
093b9a3d2dd360273f1a28354cf0241a

SHA1
5b508af19b12a1910db04c7d984aa7a467e97dcb

SHA256
4b1f6020f25e661c9f4d9109c0381a8712da32b121337cade20d064431155971

SHA512
b531bc110dd1345c2cba4795dc33a9dab1e2181b04752c98c23bd1a7b2066e778a0e3f542d140d67c402f2819c83936e5f96537f81bab0bd11fddf31a8b3b1a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12206.exe

Filesize
468KB

MD5
c7444c84ab347f67bf65464a30b0edec

SHA1
c58f480881637fe32358fb0b7cdc2bd4ee69b2f5

SHA256
91484134cfc2c32cbdd018c8d64981b23177e10866f30a234841bbea4f676b12

SHA512
0ca4e41baa6e049a78426c54fac0fad7f17f77e331993d407e8abb7319f28d3dfa56a9b8c8abff33f7cdde88cb31ac547af137e2baaec940284cc31bd5d68bb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15744.exe

Filesize
468KB

MD5
75ac7823e0f013448ae83ff719be5fd6

SHA1
221d549233c9bd263a760fdf970d344c18f0b19b

SHA256
c85efdfbdf849d039409aac0aeb1c99dc13af6c469e5e1bd81ddfed39bf2c877

SHA512
7a2572fdf0664b569fdd435af1d0f962d01fe4f65d131bc86599d591734d8e0f19e19b586e503b2b48bb33258ba0f399ecae021e240950db1f576cef06d34b06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16046.exe

Filesize
468KB

MD5
6b071a8f4038f6c7458723f21d9db081

SHA1
cda96307b802237d371779a5fefe3961011e71f3

SHA256
08817c46c8ab9caa7640495bf0801e173243ee4bd0f288e8b25550c65cd2c82a

SHA512
e5245ea14b3f5f53e2fb4a9c3be81f4fa738e9ad1b822dbe5bb7a013e8576787459768aec5a13f4508f8d2678acdd5e40bab00f69d8015d55ce0a31e5777f3fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe

Filesize
468KB

MD5
5f7a6bd5ac61f3cd72c8942b08ebe2c6

SHA1
41c547c1835102f37803374e879ccd8e7c0b7532

SHA256
7726b838ba3a4041ade031a2803a806405e69567f803106a889156ed431c8976

SHA512
1b3ca6e6bd64a83842260fe5f95db39bbef5b7753e8320b6903b9be5a7b3dddfe45157eae12ae54b2261819b0c7334674562929bf0a6d2a8f672b84c44de76cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe

Filesize
468KB

MD5
3a1ac0931f6396f302d32d4e4aee57ee

SHA1
53691f65fe6dcc8e71b160b4a09803ea6afe380c

SHA256
d70c996a31596157d522dd1b868215348f52a3407a7d9ad6473aba099813b924

SHA512
10627b1d7f622adba9c797b972be50a8b912d95da183b8fb7fc5e0cacb8b62abbdd302b29bb1c667774d7267331dc494bfb681d5e92ff3ecad046aa062fe0f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19509.exe

Filesize
468KB

MD5
51c0244b2f2fffdd87ccfcb5bccb70c0

SHA1
4bdc0fa610ee971150b87aa31f338af74f4a547c

SHA256
390a66cd5a85a9c45039c6246c913822dc6e611ef7aebb17145edc0914360b55

SHA512
f2cfe8df4f353c566df142ee853512fa5d301e9b24775cbbb9ae7058b114c7d11d045dc4d782beb2de1d42ff5996b34339a51bd0b51190dcec09d684d8deb726

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe

Filesize
468KB

MD5
c952034d6caecd1f65769717f67a398b

SHA1
3dec7e0f50882254edb0a6e2684817ad29937319

SHA256
f1f3452d58298daf23b6f0d7ff21f7ad4844b033f6ff4f733e7e3285ea9e1af5

SHA512
333953c6081e5a058b957a46400b464301bd862bfcb699748bb67c5bae42fc1d044ebbe11c44add85d1227503c352a2857f8d23669fd527fc7ab67521023b769

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25640.exe

Filesize
468KB

MD5
2f99c76624dfca365a39c06f6f92f968

SHA1
94476cb13ea7eee57b964d1723e6f57bc06ad6f8

SHA256
6016c43d1b76f3a00ca212432b0d77f9adfb47f2ae5b5a1bedfe7ebdd97fe3e3

SHA512
3cc9766375f6383fae77262f284b5c5cad733f66c3e03d75def0ff71e39c0dd8e7497e18486ff65196ac619d845b3fd4b79340e3cacf2f0a444d26cf6754f5a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe

Filesize
468KB

MD5
802454f3c9236cbb3b09a95b48341da0

SHA1
9f56fb3099338814dc722014d952988c7933288d

SHA256
cbe3e6e385b22eadffb16ad57aaa3d6207bead2cf2286f01815b46654fd0f65d

SHA512
2097e89ecd95eba07b69eee3da63dd28f9c8383eb00fe0947fd8875394c0130d51f209cb68bebbcda8ac05df87b3827c387c088b8a113d2938788b5e5feabbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe

Filesize
468KB

MD5
7b4a2ce7aaa184dfcaf435621894c692

SHA1
ac484d718f068be63eaf81aae588d828d74fb966

SHA256
400e23a6ef3cd167cd56f0023eeb24f2d52d2ddd1f2baf1b7828cce0e04b4e96

SHA512
2ca7ed11a3db2992de772354e3803988e123821739613d40c0de05b18f28fe86051c5d95c5fe25a3ea1409b50d96c351bca70b894175d4bf4f5b9d1819c2ed27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27944.exe

Filesize
468KB

MD5
2d05cdfa97693385446f44685a9b118f

SHA1
e63444fa4c918e96cd83c68796c3a7a7a72faf4a

SHA256
153a40b432568f308f0e3dea01377ba977d68900446e9e8a8ae37c7d804c8254

SHA512
de213df46847c239ac62bab7d631cc0fe37d1ed4857465de48dc9c90956a6146a058ec70f668b40d39290f7413ed423a25802d2b78d85120577c8b44041c1ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28542.exe

Filesize
468KB

MD5
a0392743eb398f31d945f897e26f5486

SHA1
c501bb19e2236761453d12ff93d2af0df90a75ea

SHA256
de103c62e622238c419d2ba7086166414dc8f8e12b0e4f0ae7fb8893d4da0604

SHA512
eb81719a603060528a1149bd31f4ff85e981aa6413df0b802cc1c6fc1c440c89837fb251ac0e59e6c1ed20bc709c55c98d0fbb1a9c70c4d2d9d3c0ce0e13f729

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29205.exe

Filesize
468KB

MD5
83570e04ef22c3072bcbf1a08a7a7307

SHA1
fc95f6ec9bef09afa8074dd2a4a36cc99b0aa01a

SHA256
be47c81334eaa22c622b08a8a19f863b771b51dfab25da8e7f23b71bd9cee4d7

SHA512
a75fb1a110b8902581468b61fc4f7f00a323bb163692f0a06def1bca593f9ac8aabd6ae9085f3c8ddbc68e7d021d3de3eed77f92e0ca836938cd2c615e6aeae7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe

Filesize
468KB

MD5
ebe6493e55b9ee6e2a160560afa98682

SHA1
6f956e95cd6533ebaa9f928f5809c0cf9e9873d1

SHA256
a768cbb920df8a76ff3f92d3d6a3287876077503f27ba60ec52e5046fcafe266

SHA512
0e7d7d2b7c256a3808dccc275740c288c5f7cfc46ebba007898d8b19bf1aae690a43b676ee8e7b35b39e4abb456400c630f373186fcd4f4544e3f136476e7976

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39664.exe

Filesize
468KB

MD5
98bd8e7259741e0efc08bf5f89ed5ec4

SHA1
30b38ff6c330e2e14b1d8f4ba0f2e61a3a91f612

SHA256
25f48accc1d91a5dda6d8ab6f55063393b21986e6e0cdb85d075982760d6a701

SHA512
cc759be67ca1badb4eb5e8cbbac0cf7b5ac75cfe486608c0d0675b2b5e37b1caccc80fe9c7c4a7861ba96c39b1389a3a0232eef6585941d1879a9e27588956f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe

Filesize
468KB

MD5
d01fb022478e4a2a93a6092d41bf3b42

SHA1
28abf2d2fef230db16782f34d5c9efe3a26da586

SHA256
bb6f6e61ae3ebcc8260bab97b08a415835db9cfc48b866f1262b0a690036c372

SHA512
566d78cb549b85ef84e71e32e406fe3d382d86b2f7902860bea5dca283878b117c553d18d94d9f194b670b269230578979b05581fd7023421b490f6db21e7a9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4183.exe

Filesize
468KB

MD5
f542cf88734d95af4e37668b8ac8f2b8

SHA1
1f551f654c71150d4614b2273146e4d2ca50b22b

SHA256
9b123021442410a85602774f0cd9d61bc725ebd5af6b236d234a3b68f53efe0c

SHA512
6eeb8482913f248422cd3a3a68aeb577609346cf4bca5bbb229073a74e0ec7cf653413594b8549dad26a595a41e9ed73e38d6cca94798761256f4aef03850b11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe

Filesize
468KB

MD5
c484f66e5eab87bf7129f4fce392d1d8

SHA1
b8c3ce8cad53f1cbf2eff1165048d32973409449

SHA256
c0978b5d57f585ee7ee14397d6f5c8a451d60817dcba29418094b2b4f4f7e4c2

SHA512
4c2eaa15f990d7aa359214412cd19011b6d7565a4953f6947f6e5a573e72409dffb5ff5d40cba152c2f571545d033d64288d6d6847e8cb3ee6ebc18e78bfeb56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe

Filesize
468KB

MD5
0e3cf9e53a252063c5e0467438ffec81

SHA1
e9bf922cf6a216c92b025a83cc7828975509e480

SHA256
7e5c1cdee6d79f658f40c72b93bd5c1fa8baaf46ffcd47e5a510139cd6985cc7

SHA512
a56783cb7607567742426275f109963951b3db0ee2ed7710c70c9b25475a4babe933554603fa89459d71f6f7ec497a13affd8c2e62c33697a78457ac1ae20b3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45616.exe

Filesize
468KB

MD5
f52502e21aa7f6d63c5bb89b8e49153b

SHA1
414ec3634cd0706490b05f83931268a51505c134

SHA256
6927b85a61a9870272c11e7184dc51e9be524d3c8de9fbf2b47e50804485ef2c

SHA512
3260402e5e909e513357d00658377fe4996c749197345cedb01b52b748bdbe51b241d5416f69eef9db58e9189c5c6b5e9e7544a5fd887bb2f9474e52ce4634bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe

Filesize
468KB

MD5
c7e5c37a7b9ebfdf89aee13a9f85526c

SHA1
a9aa8f2d90af9583b37f359407adfc32a060cf97

SHA256
fad5b6debc74bb2539cba0a46afaefd61995e35dd26595731d1de8801220ef2e

SHA512
45880b462d21cf64f0544f845e27f7b882a6869b04a15180a36ce58c84f9e3bd19b6e651a163564a8891deb809930ea5464a5047f9cd65fd26fcffa63ba97fe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48143.exe

Filesize
468KB

MD5
d6c42d3c65f84c9129f0f0575709040b

SHA1
49e759b7fda2d70f3711ac1f9bd043145ed7ee9c

SHA256
0220942dd125433937ecc95fe725b3596146738bdcc8acc630b43d09ea4db8df

SHA512
3af14d172e26cbb53413d915c333ef38d8ab72893adefc82cef7c0be536c07722c8aef8ef30f0aea527662bfa85806f906ac7903b2b830229f781bc650f5dd31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe

Filesize
468KB

MD5
c3fe7c972e8c13de1bda78b2eac90ec2

SHA1
7d25b423a856f105954f2e70c171e42fa7c3cb05

SHA256
5b89d4a0383f06d437334447805dfe6beeb02465c83888f395835f72fcf05261

SHA512
9adf232461cbee92b8fd580f739113cee77b717d9011e98ec6696b29ee205917ae333e4e43ba28bc6c41f545de8e571357110d339155787140576d08ea2a675f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe

Filesize
468KB

MD5
dfab05219022185bbff590f2deeb0dba

SHA1
91e93bcb8cf699db19adbf34348e3906a2d41438

SHA256
309ed90c1619bf5b22daf9d8396038de3ad73e97fb1968ac08dcabea9e2e3033

SHA512
978dc9f780cba89082fdac954c9567682888c14af5eaa6b6f404c480c5bf24cb81a8b486affff4e99f50bcbe1da6e21da026cb7bf6d1a4dbddfa7fde6add271b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54752.exe

Filesize
468KB

MD5
37aa4190aad843bff9c1f75d57eec7ce

SHA1
f83c4d1cf0dc0b343a6e883f5e54af2872460ebd

SHA256
3a71300a23cc88d863db5606476e057e1c7e55c2c93fb13aabd0ee9e77fd0b37

SHA512
8de89130b1c194a0c25077cb1cdb2ba75cbc9cbb6642997ec22fc6dfd283bc6502b6ca22491e791516f1a498d29934da9945b53e81b60c56b64e93c521a6dabd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe

Filesize
468KB

MD5
8e31ce6c21bd8c3ad2c7ad95492ddfcd

SHA1
fe57603ea4fa6ee776ee85bc940d84b3b51b7ce1

SHA256
9df24a6fb11c569ef8beb1a935fc318bba8d04ef5759a71f3be0e2d04434ea2f

SHA512
c0bca1425b0dae21f04103609f79d90627969ed29da51170bb0312da80ce0c0d2e26d4e8d812f5b4cfa231a7eb7e64ae2f71b38c524c32674655814d47b61e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe

Filesize
468KB

MD5
63d786ed24a9210a081912f24852a75d

SHA1
db376619113c1feefe71566e93157dd9c7bddf0d

SHA256
cd8150ffdb5971c9d06b2d0139e49d733084b086a650d3b4a0a30f7cd6cb3234

SHA512
ec023fe4e628a1be26480f6b0f03cf266602fda0837e0bb029bb81d684cb7c830fe12f2d6804a4bddec6bba940b2b5732f2ee75c5266133cd99234f5ef8bcec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61080.exe

Filesize
468KB

MD5
51f088e6e8be8f1145540108961be872

SHA1
e264300d0274f7ce8cc7895ba6b2f18f94366857

SHA256
ec1a88ee057c30046ca519914c34fc6df3a5c8a900dce6f63fb42937e2453a78

SHA512
e57a14897214ed56cfcb633d9511abd89260101dfb34b42524a21dccf1fa30ce4660f06af7401c68de39a36c9b6451e0bbf05cf85152a1c61f6fb99fee51f551

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe

Filesize
468KB

MD5
6f49010d03739183f109c3ce93e5a718

SHA1
49fc0d583c1ce60fb59024eb54fc2c971ed333c5

SHA256
b3f2e3180cca9251bd789b688b31349a5dc51fe1402b9c4b3f4635adca093953

SHA512
089c7bda2f2c1d29f2c4575c596d8608f318d05590b3090982c0258fd2eeff29ddd2b6df8efc63e9a0647b48c42e1ed2726f777ddeb1d9a32cebefca95de5d00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe

Filesize
468KB

MD5
b4102a8835b80dc680ce0b923505a407

SHA1
db67e03bd8ed0692fa724ca84d2327e1a5f583b7

SHA256
dbe1724cff2f68df82431f19f9286aae3893198359ff237f23f92850f2d57c19

SHA512
7b3a84dd472c3cbde731ecd3eb4276b63b54099c518c974f74529b2ed34a49140332de62a41da05a60d1fd748ad2395aeba1f0ed4c83e124af9a9ab02e609a26

Download Submit
memory/15472-3146-0x00007FFD8A100000-0x00007FFD8A183000-memory.dmp

Filesize
524KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads