697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 11:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126_NeikiAnalytics.exe
Size

184KB
MD5

53d90edb2dff348e95811012ac18cb80
SHA1

5069ef51fd2146c683154bbd1e6ef6f4a71d0618
SHA256

697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126
SHA512

9a14fa45d7be6e1b45660745edb8e8bc722de60993629aaef65937e85e3c8691e60499674cab6db4aba3252d3fff27e96bb04645611aa8d486f49771207331fd
SSDEEP

3072:wop1n3onpkeb9dq2TL209wGBpJvnqnpiu/:woHoXLq2P9TBpJPqnpiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2280	Unicorn-43870.exe
4188	Unicorn-42608.exe
4200	Unicorn-62474.exe
848	Unicorn-27830.exe
3464	Unicorn-9255.exe
704	Unicorn-7217.exe
4416	Unicorn-44721.exe
1920	Unicorn-51862.exe
2296	Unicorn-19552.exe
1476	Unicorn-23082.exe
932	Unicorn-10372.exe
4880	Unicorn-63922.exe
3768	Unicorn-63922.exe
544	Unicorn-35888.exe
2300	Unicorn-49624.exe
4412	Unicorn-20918.exe
1368	Unicorn-4389.exe
2756	Unicorn-4389.exe
1820	Unicorn-305.exe
4844	Unicorn-53590.exe
4484	Unicorn-33724.exe
3948	Unicorn-36299.exe
2344	Unicorn-39100.exe
4336	Unicorn-25364.exe
3564	Unicorn-40881.exe
412	Unicorn-39100.exe
748	Unicorn-14456.exe
2900	Unicorn-55297.exe
4004	Unicorn-48281.exe
4952	Unicorn-31198.exe
2184	Unicorn-61877.exe
2636	Unicorn-3377.exe
4876	Unicorn-46256.exe
3740	Unicorn-62054.exe
64	Unicorn-45718.exe
2020	Unicorn-21576.exe
952	Unicorn-21022.exe
1884	Unicorn-1156.exe
376	Unicorn-61597.exe
1380	Unicorn-49610.exe
5100	Unicorn-45526.exe
1504	Unicorn-33082.exe
3604	Unicorn-20067.exe
1472	Unicorn-41250.exe
2564	Unicorn-24914.exe
3596	Unicorn-44372.exe
2284	Unicorn-4301.exe
900	Unicorn-63708.exe
1320	Unicorn-4036.exe
1516	Unicorn-43288.exe
2396	Unicorn-49418.exe
2320	Unicorn-49973.exe
4556	Unicorn-18591.exe
2528	Unicorn-21214.exe
4892	Unicorn-6915.exe
4396	Unicorn-6029.exe
2108	Unicorn-1945.exe
3268	Unicorn-39448.exe
4392	Unicorn-49100.exe
4572	Unicorn-64358.exe
1684	Unicorn-19796.exe
4596	Unicorn-39662.exe
840	Unicorn-23061.exe
5028	Unicorn-19604.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
2544	3768	WerFault.exe	95
4920	4880	WerFault.exe	94
8544	7248	WerFault.exe	345
10996	6108	WerFault.exe	246
16420	15516	WerFault.exe	804
18248	16912	WerFault.exe	842
17860	18248	WerFault.exe	983

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5564	svchost.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1188	dwm.exe
Token: SeChangeNotifyPrivilege	1188	dwm.exe
Token: 33	1188	dwm.exe
Token: SeIncBasePriorityPrivilege	1188	dwm.exe
Token: SeCreateGlobalPrivilege	11372	Process not Found
Token: SeChangeNotifyPrivilege	11372	Process not Found
Token: 33	11372	Process not Found
Token: SeIncBasePriorityPrivilege	11372	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4864	697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126_NeikiAnalytics.exe
2280	Unicorn-43870.exe
4188	Unicorn-42608.exe
4200	Unicorn-62474.exe
848	Unicorn-27830.exe
3464	Unicorn-9255.exe
704	Unicorn-7217.exe
4416	Unicorn-44721.exe
1920	Unicorn-51862.exe
2296	Unicorn-19552.exe
1476	Unicorn-23082.exe
932	Unicorn-10372.exe
544	Unicorn-35888.exe
4880	Unicorn-63922.exe
3768	Unicorn-63922.exe
2300	Unicorn-49624.exe
4412	Unicorn-20918.exe
2756	Unicorn-4389.exe
1368	Unicorn-4389.exe
1820	Unicorn-305.exe
412	Unicorn-39100.exe
4484	Unicorn-33724.exe
4336	Unicorn-25364.exe
2344	Unicorn-39100.exe
4844	Unicorn-53590.exe
3948	Unicorn-36299.exe
3564	Unicorn-40881.exe
748	Unicorn-14456.exe
2900	Unicorn-55297.exe
4004	Unicorn-48281.exe
4952	Unicorn-31198.exe
2184	Unicorn-61877.exe
2636	Unicorn-3377.exe
4876	Unicorn-46256.exe
3740	Unicorn-62054.exe
64	Unicorn-45718.exe
2020	Unicorn-21576.exe
1884	Unicorn-1156.exe
952	Unicorn-21022.exe
376	Unicorn-61597.exe
1380	Unicorn-49610.exe
1504	Unicorn-33082.exe
3604	Unicorn-20067.exe
2284	Unicorn-4301.exe
1472	Unicorn-41250.exe
2564	Unicorn-24914.exe
900	Unicorn-63708.exe
1320	Unicorn-4036.exe
2396	Unicorn-49418.exe
1516	Unicorn-43288.exe
4556	Unicorn-18591.exe
3596	Unicorn-44372.exe
2320	Unicorn-49973.exe
2528	Unicorn-21214.exe
4892	Unicorn-6915.exe
3268	Unicorn-39448.exe
4396	Unicorn-6029.exe
4392	Unicorn-49100.exe
2108	Unicorn-1945.exe
4572	Unicorn-64358.exe
1684	Unicorn-19796.exe
4596	Unicorn-39662.exe
840	Unicorn-23061.exe
5028	Unicorn-19604.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 2280	4864	697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126_NeikiAnalytics.exe	83
PID 4864 wrote to memory of 2280	4864	697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126_NeikiAnalytics.exe	83
PID 4864 wrote to memory of 2280	4864	697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126_NeikiAnalytics.exe	83
PID 4864 wrote to memory of 4188	4864	697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126_NeikiAnalytics.exe	84
PID 4864 wrote to memory of 4188	4864	697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126_NeikiAnalytics.exe	84
PID 4864 wrote to memory of 4188	4864	697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126_NeikiAnalytics.exe	84
PID 2280 wrote to memory of 4200	2280	Unicorn-43870.exe	85
PID 2280 wrote to memory of 4200	2280	Unicorn-43870.exe	85
PID 2280 wrote to memory of 4200	2280	Unicorn-43870.exe	85
PID 4188 wrote to memory of 848	4188	Unicorn-42608.exe	86
PID 4188 wrote to memory of 848	4188	Unicorn-42608.exe	86
PID 4188 wrote to memory of 848	4188	Unicorn-42608.exe	86
PID 4864 wrote to memory of 3464	4864	697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126_NeikiAnalytics.exe	87
PID 4864 wrote to memory of 3464	4864	697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126_NeikiAnalytics.exe	87
PID 4864 wrote to memory of 3464	4864	697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126_NeikiAnalytics.exe	87
PID 4200 wrote to memory of 704	4200	Unicorn-62474.exe	88
PID 4200 wrote to memory of 704	4200	Unicorn-62474.exe	88
PID 4200 wrote to memory of 704	4200	Unicorn-62474.exe	88
PID 2280 wrote to memory of 4416	2280	Unicorn-43870.exe	89
PID 2280 wrote to memory of 4416	2280	Unicorn-43870.exe	89
PID 2280 wrote to memory of 4416	2280	Unicorn-43870.exe	89
PID 848 wrote to memory of 1920	848	Unicorn-27830.exe	90
PID 848 wrote to memory of 1920	848	Unicorn-27830.exe	90
PID 848 wrote to memory of 1920	848	Unicorn-27830.exe	90
PID 4188 wrote to memory of 2296	4188	Unicorn-42608.exe	91
PID 4188 wrote to memory of 2296	4188	Unicorn-42608.exe	91
PID 4188 wrote to memory of 2296	4188	Unicorn-42608.exe	91
PID 3464 wrote to memory of 1476	3464	Unicorn-9255.exe	92
PID 3464 wrote to memory of 1476	3464	Unicorn-9255.exe	92
PID 3464 wrote to memory of 1476	3464	Unicorn-9255.exe	92
PID 4864 wrote to memory of 932	4864	697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126_NeikiAnalytics.exe	93
PID 4864 wrote to memory of 932	4864	697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126_NeikiAnalytics.exe	93
PID 4864 wrote to memory of 932	4864	697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126_NeikiAnalytics.exe	93
PID 704 wrote to memory of 4880	704	Unicorn-7217.exe	94
PID 704 wrote to memory of 4880	704	Unicorn-7217.exe	94
PID 704 wrote to memory of 4880	704	Unicorn-7217.exe	94
PID 4416 wrote to memory of 3768	4416	Unicorn-44721.exe	95
PID 4416 wrote to memory of 3768	4416	Unicorn-44721.exe	95
PID 4416 wrote to memory of 3768	4416	Unicorn-44721.exe	95
PID 4200 wrote to memory of 544	4200	Unicorn-62474.exe	96
PID 4200 wrote to memory of 544	4200	Unicorn-62474.exe	96
PID 4200 wrote to memory of 544	4200	Unicorn-62474.exe	96
PID 2280 wrote to memory of 2300	2280	Unicorn-43870.exe	97
PID 2280 wrote to memory of 2300	2280	Unicorn-43870.exe	97
PID 2280 wrote to memory of 2300	2280	Unicorn-43870.exe	97
PID 1920 wrote to memory of 4412	1920	Unicorn-51862.exe	103
PID 1920 wrote to memory of 4412	1920	Unicorn-51862.exe	103
PID 1920 wrote to memory of 4412	1920	Unicorn-51862.exe	103
PID 932 wrote to memory of 1368	932	Unicorn-10372.exe	104
PID 932 wrote to memory of 1368	932	Unicorn-10372.exe	104
PID 932 wrote to memory of 1368	932	Unicorn-10372.exe	104
PID 2296 wrote to memory of 2756	2296	Unicorn-19552.exe	105
PID 2296 wrote to memory of 2756	2296	Unicorn-19552.exe	105
PID 2296 wrote to memory of 2756	2296	Unicorn-19552.exe	105
PID 1476 wrote to memory of 1820	1476	Unicorn-23082.exe	106
PID 1476 wrote to memory of 1820	1476	Unicorn-23082.exe	106
PID 1476 wrote to memory of 1820	1476	Unicorn-23082.exe	106
PID 2300 wrote to memory of 4844	2300	Unicorn-49624.exe	108
PID 2300 wrote to memory of 4844	2300	Unicorn-49624.exe	108
PID 2300 wrote to memory of 4844	2300	Unicorn-49624.exe	108
PID 848 wrote to memory of 4484	848	Unicorn-27830.exe	107
PID 848 wrote to memory of 4484	848	Unicorn-27830.exe	107
PID 848 wrote to memory of 4484	848	Unicorn-27830.exe	107
PID 4864 wrote to memory of 3948	4864	697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126_NeikiAnalytics.exe	109

C:\Users\Admin\AppData\Local\Temp\697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\697022936a7ad3ed23312c16397ca46e2f9c95be98d74ea6f7215b4e3d0bb126_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63922.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4880
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 464
        6⤵
        Program crash
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14456.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4301.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28754.exe
        7⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        8⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39434.exe
        9⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61982.exe
        10⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35907.exe
        10⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        10⤵
        
        PID:16540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43279.exe
        10⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        9⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-983.exe
        9⤵
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        9⤵
        
        PID:18116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        9⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        8⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        8⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40480.exe
        8⤵
        
        PID:14624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
        8⤵
        
        PID:17344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        7⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60408.exe
        7⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
        7⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
        6⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
        7⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20914.exe
        7⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
        7⤵
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31173.exe
        7⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10771.exe
        6⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
        6⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        6⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16099.exe
        6⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        6⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        6⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        7⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        7⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
        7⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27798.exe
        7⤵
        
        PID:224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
        6⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        6⤵
        
        PID:10576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35898.exe
        6⤵
        
        PID:14488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60168.exe
        6⤵
        
        PID:16836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28329.exe
        6⤵
        
        PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        5⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        6⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
        7⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
        7⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
        7⤵
        
        PID:17388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        7⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exe
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
        6⤵
        
        PID:15516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15516 -s 212
        7⤵
        Program crash
        
        PID:16420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
        6⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26507.exe
        5⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28502.exe
        5⤵
        
        PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47186.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        5⤵
        
        PID:16692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        7⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63066.exe
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39154.exe
        9⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5692.exe
        9⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45279.exe
        9⤵
        
        PID:15948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe
        9⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42703.exe
        9⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
        8⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19811.exe
        8⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
        8⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52905.exe
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44072.exe
        7⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        7⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        7⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40773.exe
        7⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
        6⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        7⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
        7⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3226.exe
        7⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34355.exe
        7⤵
        
        PID:17348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        7⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        6⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        7⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
        6⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
        6⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6915.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        6⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        8⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        8⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7804.exe
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15919.exe
        7⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35576.exe
        7⤵
        
        PID:16324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
        7⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        6⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8083.exe
        6⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        6⤵
        
        PID:11596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22546.exe
        6⤵
        
        PID:32
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29185.exe
        6⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
        5⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35246.exe
        6⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
        7⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        7⤵
        
        PID:16588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30771.exe
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
        6⤵
        
        PID:12760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
        6⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7779.exe
        5⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        6⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15975.exe
        6⤵
        
        PID:16336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        6⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
        5⤵
        
        PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        5⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47046.exe
        5⤵
        
        PID:844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        6⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36968.exe
        8⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
        8⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        8⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19858.exe
        8⤵
        
        PID:17552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8903.exe
        7⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54265.exe
        7⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40123.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
        7⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        6⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
        7⤵
        
        PID:17264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5203.exe
        6⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        6⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        6⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21055.exe
        6⤵
        
        PID:18328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        5⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        7⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
        7⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        7⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        7⤵
        
        PID:17972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        7⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
        6⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41437.exe
        6⤵
        
        PID:12048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
        6⤵
        
        PID:15660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        6⤵
        
        PID:18048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54141.exe
        6⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        6⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        6⤵
        
        PID:11708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33218.exe
        6⤵
        
        PID:15760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
        6⤵
        
        PID:18428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        6⤵
        
        PID:16612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        5⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24027.exe
        5⤵
        
        PID:12248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37427.exe
        5⤵
        
        PID:15016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        5⤵
        
        PID:18344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1858.exe
        5⤵
        
        PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
        5⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        6⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59626.exe
        7⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
        7⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        7⤵
        
        PID:17852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        7⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
        6⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25677.exe
        6⤵
        
        PID:12512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40123.exe
        6⤵
        
        PID:15344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45054.exe
        6⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
        5⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        6⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53691.exe
        6⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7875.exe
        6⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
        5⤵
        
        PID:11908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9614.exe
        5⤵
        
        PID:16072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
        5⤵
        
        PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
        5⤵
        
        PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26839.exe
      4⤵
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        5⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57989.exe
        6⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        6⤵
        
        PID:18340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30861.exe
        5⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
        5⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe
        5⤵
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37363.exe
        5⤵
        
        PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6132.exe
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        5⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13668.exe
        5⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        5⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
        5⤵
        
        PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        5⤵
        
        PID:16420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58610.exe
      4⤵
      PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38649.exe
        5⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
        5⤵
        
        PID:14256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
      4⤵
      PID:11308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27435.exe
      4⤵
      PID:15472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51827.exe
      4⤵
      PID:18124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3739.exe
      4⤵
      PID:15796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44721.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63922.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 436
        5⤵
        Program crash
        
        PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
        6⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        7⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        7⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        7⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1858.exe
        7⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
        6⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        6⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3226.exe
        6⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        6⤵
        
        PID:17280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32413.exe
        6⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        5⤵
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        6⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20531.exe
        6⤵
        
        PID:13532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
        6⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        6⤵
        
        PID:17224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
        6⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        5⤵
        
        PID:9528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
        5⤵
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        5⤵
        
        PID:16456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18591.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7949.exe
        5⤵
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4317.exe
        7⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
        7⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        7⤵
        
        PID:15804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
        7⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3671.exe
        7⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
        6⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        6⤵
        
        PID:13188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
        6⤵
        
        PID:16208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31686.exe
        6⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
        6⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        6⤵
        
        PID:14340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        6⤵
        
        PID:17500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
        6⤵
        
        PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60408.exe
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe
        5⤵
        
        PID:12336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
        5⤵
        
        PID:16360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
      4⤵
      PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15469.exe
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
        6⤵
        
        PID:15460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        6⤵
        
        PID:18108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        6⤵
        
        PID:17800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        5⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
        5⤵
        
        PID:16244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        5⤵
        
        PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34867.exe
      4⤵
      PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
      4⤵
      PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
      4⤵
      PID:12644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
      4⤵
      PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46500.exe
      4⤵
      PID:9464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49624.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24914.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2620.exe
        7⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        7⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
        7⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64747.exe
        7⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33497.exe
        6⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1495.exe
        6⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        6⤵
        
        PID:15052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12272.exe
        6⤵
        
        PID:17916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32610.exe
        6⤵
        
        PID:32
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20948.exe
        5⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16798.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27042.exe
        7⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-739.exe
        7⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
        7⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        7⤵
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48837.exe
        6⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57144.exe
        6⤵
        
        PID:12204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61232.exe
        6⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63823.exe
        6⤵
        
        PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        5⤵
        
        PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
        5⤵
        
        PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
        5⤵
        
        PID:13264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2119.exe
        5⤵
        
        PID:16332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
        5⤵
        
        PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49973.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
        5⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        6⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        6⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33360.exe
        6⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        6⤵
        
        PID:17104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36483.exe
        6⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45433.exe
        6⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        5⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28892.exe
        5⤵
        
        PID:13428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
        5⤵
        
        PID:16680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
      4⤵
      PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        5⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59382.exe
        6⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        6⤵
        
        PID:12160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
        6⤵
        
        PID:16084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
        6⤵
        
        PID:17984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        6⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
        5⤵
        
        PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57144.exe
        5⤵
        
        PID:11528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48980.exe
        5⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        5⤵
        
        PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe
      4⤵
      PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
      4⤵
      PID:9864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
      4⤵
      PID:13304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15100.exe
      4⤵
      PID:15484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28242.exe
      4⤵
      PID:7000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40881.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
        5⤵
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
        7⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64265.exe
        7⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        7⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
        7⤵
        
        PID:17928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53611.exe
        7⤵
        
        PID:18008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35084.exe
        6⤵
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        6⤵
        
        PID:14560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-66.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-66.exe
        6⤵
        
        PID:18352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        6⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45054.exe
        6⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
        6⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        6⤵
        
        PID:15076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        6⤵
        
        PID:17944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
        6⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36376.exe
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
        5⤵
        
        PID:12704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
        5⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15152.exe
        5⤵
        
        PID:18076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12204.exe
      4⤵
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        6⤵
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        6⤵
        
        PID:16184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
        6⤵
        
        PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        5⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
        5⤵
        
        PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        5⤵
        
        PID:15212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49067.exe
        5⤵
        
        PID:18404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
        5⤵
        
        PID:9012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
      4⤵
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        5⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        5⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55472.exe
        5⤵
        
        PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2033.exe
        5⤵
        
        PID:6240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
      4⤵
      PID:7180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2071.exe
      4⤵
      PID:11364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
      4⤵
      PID:15024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
      4⤵
      PID:17956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
      4⤵
      PID:7872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20067.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36922.exe
      4⤵
      PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52978.exe
        5⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36968.exe
        6⤵
        
        PID:9428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56328.exe
        6⤵
        
        PID:13092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
        6⤵
        
        PID:16444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
        6⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
        5⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
        5⤵
        
        PID:15984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        5⤵
        
        PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        5⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
        5⤵
        
        PID:12672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
        5⤵
        
        PID:15468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        5⤵
        
        PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
      4⤵
      PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54265.exe
      4⤵
      PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40123.exe
      4⤵
      PID:15136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
      4⤵
      PID:5508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
    3⤵
    PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24650.exe
        5⤵
        
        PID:10756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        5⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        5⤵
        
        PID:9188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
      4⤵
      PID:9920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62139.exe
      4⤵
      PID:13296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23236.exe
      4⤵
      PID:15124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64229.exe
      4⤵
      PID:5388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
    3⤵
    PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23065.exe
      4⤵
      PID:17308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39935.exe
      4⤵
      PID:7256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9939.exe
    3⤵
    PID:9512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29495.exe
    3⤵
    PID:13336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21407.exe
    3⤵
    PID:1580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51862.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20918.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31198.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        9⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        9⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        9⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        9⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14110.exe
        9⤵
        
        PID:17548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        8⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        9⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exe
        9⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36637.exe
        8⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        8⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        8⤵
        
        PID:16736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42366.exe
        8⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        9⤵
        
        PID:17872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-352.exe
        8⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43063.exe
        8⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3967.exe
        8⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27170.exe
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        8⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8624.exe
        7⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3226.exe
        7⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30079.exe
        7⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
        7⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39448.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
        7⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42366.exe
        8⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
        8⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
        8⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
        8⤵
        
        PID:16852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        7⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        7⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50891.exe
        7⤵
        
        PID:17260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        7⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18923.exe
        6⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        7⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        7⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        7⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48779.exe
        7⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57477.exe
        6⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
        6⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39295.exe
        6⤵
        
        PID:13376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
        6⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61877.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
        7⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        8⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
        9⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        9⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        9⤵
        
        PID:17840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
        9⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
        8⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
        8⤵
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        7⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        7⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46615.exe
        7⤵
        
        PID:17176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        7⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
        6⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        7⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2940.exe
        8⤵
        
        PID:18424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        7⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
        7⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52784.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23707.exe
        7⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        6⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
        6⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52228.exe
        6⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51421.exe
        6⤵
        
        PID:17292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
        6⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        7⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50885.exe
        8⤵
        
        PID:17360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        7⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        7⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        7⤵
        
        PID:17488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44841.exe
        6⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        6⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50891.exe
        6⤵
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
        5⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        6⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
        6⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
        6⤵
        
        PID:16824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63560.exe
        5⤵
        
        PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12204.exe
        5⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe
        5⤵
        
        PID:14400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        5⤵
        
        PID:17480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
        5⤵
        
        PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33724.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3377.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63346.exe
        7⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        8⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
        8⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
        8⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56292.exe
        8⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        8⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2759.exe
        7⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        7⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46615.exe
        7⤵
        
        PID:17200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23186.exe
        7⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41178.exe
        8⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
        8⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        8⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59885.exe
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        7⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27320.exe
        7⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
        7⤵
        
        PID:16652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
        7⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        6⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
        6⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        6⤵
        
        PID:12888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16099.exe
        6⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        6⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45682.exe
        7⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        7⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
        7⤵
        
        PID:16716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35641.exe
        7⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        6⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        6⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20339.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7554.exe
        6⤵
        
        PID:16876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7439.exe
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8733.exe
        6⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51525.exe
        6⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11175.exe
        6⤵
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        5⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28739.exe
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52228.exe
        5⤵
        
        PID:14368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        5⤵
        
        PID:17036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46256.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18038.exe
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57358.exe
        7⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37426.exe
        8⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24335.exe
        8⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
        8⤵
        
        PID:17300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52152.exe
        7⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        7⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50891.exe
        7⤵
        
        PID:17380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
        7⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        6⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        7⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23811.exe
        7⤵
        
        PID:16968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        7⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        6⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3723.exe
        6⤵
        
        PID:14600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
        6⤵
        
        PID:17444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14316.exe
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41022.exe
        6⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52418.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        7⤵
        
        PID:15860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15310.exe
        7⤵
        
        PID:18020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
        7⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        6⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35279.exe
        6⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
        6⤵
        
        PID:16708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        5⤵
        
        PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        5⤵
        
        PID:9684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60595.exe
        5⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60168.exe
        5⤵
        
        PID:17332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        6⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        6⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        6⤵
        
        PID:14672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        5⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37736.exe
        5⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32312.exe
        5⤵
        
        PID:14464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
        5⤵
        
        PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41780.exe
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
        5⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
        5⤵
        
        PID:15304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
        5⤵
        
        PID:18316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20438.exe
        5⤵
        
        PID:8808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11804.exe
      4⤵
      PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25954.exe
      4⤵
      PID:10828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
      4⤵
      PID:14536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
      4⤵
      PID:4996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19552.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51530.exe
        6⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51826.exe
        7⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        8⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
        8⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10390.exe
        8⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        8⤵
        
        PID:16864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        8⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        7⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 464
        8⤵
        Program crash
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3999.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27932.exe
        7⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
        7⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        7⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        6⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
        7⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        7⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        7⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12510.exe
        7⤵
        
        PID:18056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        7⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
        6⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
        6⤵
        
        PID:11476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
        6⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
        6⤵
        
        PID:17864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50249.exe
        6⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        5⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14685.exe
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        7⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        7⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
        7⤵
        
        PID:14384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46615.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        7⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48541.exe
        6⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        6⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        6⤵
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
        6⤵
        
        PID:17528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
        6⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
        6⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
        6⤵
        
        PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46517.exe
        5⤵
        
        PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52808.exe
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37427.exe
        5⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe
        5⤵
        
        PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21576.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
        5⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        7⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
        7⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62959.exe
        7⤵
        
        PID:15492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
        7⤵
        
        PID:17536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31000.exe
        6⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        6⤵
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
        6⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
        6⤵
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        6⤵
        
        PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65017.exe
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1489.exe
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
        6⤵
        
        PID:14456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13966.exe
        6⤵
        
        PID:17436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
        5⤵
        
        PID:11380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        5⤵
        
        PID:14420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24280.exe
        5⤵
        
        PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
      4⤵
      PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        6⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        6⤵
        
        PID:14320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
        6⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        6⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58245.exe
        5⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41824.exe
        5⤵
        
        PID:14928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
        5⤵
        
        PID:17812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
        5⤵
        
        PID:12132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52713.exe
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20358.exe
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
        5⤵
        
        PID:11512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        5⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        5⤵
        
        PID:17964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57970.exe
        5⤵
        
        PID:7188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61780.exe
      4⤵
      PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23252.exe
      4⤵
      PID:11752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45557.exe
      4⤵
      PID:14996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
      4⤵
      PID:17884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
      4⤵
      PID:7292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
        5⤵
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24966.exe
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        7⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51579.exe
        7⤵
        
        PID:16888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
        6⤵
        
        PID:9720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
        6⤵
        
        PID:13164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
        6⤵
        
        PID:16264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
        5⤵
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
        5⤵
        
        PID:9936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe
        5⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        5⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29377.exe
        5⤵
        
        PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-195.exe
      4⤵
      PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        5⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25972.exe
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
        5⤵
        
        PID:17356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        5⤵
        
        PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe
      4⤵
      PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13555.exe
      4⤵
      PID:10900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44059.exe
      4⤵
      PID:14412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
      4⤵
      PID:17424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4036.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20586.exe
      4⤵
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-505427114996284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-505427114996284.exe
        6⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-418737953297635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-418737953297635.exe
        6⤵
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42552365238145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42552365238145.exe
        6⤵
        
        PID:16672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-306501611348338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-306501611348338.exe
        6⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
        5⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        5⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        5⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59644.exe
        5⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        5⤵
        
        PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
      4⤵
      PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12167.exe
      4⤵
      PID:8780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
      4⤵
      PID:12548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
      4⤵
      PID:16352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
      4⤵
      PID:8436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
    3⤵
    PID:620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
      4⤵
      PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
        5⤵
        
        PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1559.exe
        5⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51859.exe
        5⤵
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36308.exe
        5⤵
        
        PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
      4⤵
      PID:8412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
      4⤵
      PID:12124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
      4⤵
      PID:16096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
      4⤵
      PID:18044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
    3⤵
    PID:6608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exe
    3⤵
    PID:9904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50590.exe
    3⤵
    PID:13248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
    3⤵
    PID:15132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
    3⤵
    PID:6272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
        5⤵
        Executes dropped EXE
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3289.exe
        6⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        8⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        8⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        8⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28000.exe
        8⤵
        
        PID:17472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        7⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
        7⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        7⤵
        
        PID:15552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        7⤵
        
        PID:18172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        7⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        7⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
        7⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        7⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        7⤵
        
        PID:17904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        7⤵
        
        PID:14196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32693.exe
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        6⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        6⤵
        
        PID:18164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5023.exe
        6⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
        5⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
        6⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        7⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        7⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        7⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
        7⤵
        
        PID:17252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64747.exe
        7⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41245.exe
        6⤵
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
        6⤵
        
        PID:16164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
        6⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59676.exe
        5⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        6⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
        6⤵
        
        PID:15068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
        6⤵
        
        PID:17896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19862.exe
        6⤵
        
        PID:14184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12308.exe
        5⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7111.exe
        5⤵
        
        PID:14440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
        5⤵
        
        PID:17276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62636.exe
        5⤵
        
        PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
      4⤵
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42400.exe
        6⤵
        
        PID:14452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        6⤵
        
        PID:18272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46395.exe
        6⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        5⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45262.exe
        6⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
        6⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31026.exe
        6⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32307.exe
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44564.exe
        5⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
        5⤵
        
        PID:384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
        5⤵
        
        PID:7500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21664.exe
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
        5⤵
        
        PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13528.exe
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        5⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        5⤵
        
        PID:17396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-402.exe
        5⤵
        
        PID:7672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
      4⤵
      PID:7824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45644.exe
      4⤵
      PID:11092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
      4⤵
      PID:14612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55702.exe
      4⤵
      PID:16752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56273.exe
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        6⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        6⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
        6⤵
        
        PID:18296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58264.exe
        6⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5099.exe
        5⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5500.exe
        5⤵
        
        PID:9676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35898.exe
        5⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60168.exe
        5⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2563.exe
        5⤵
        
        PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
      4⤵
      PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        5⤵
        
        PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
        5⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24616.exe
        5⤵
        
        PID:13512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
        5⤵
        
        PID:16764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
      4⤵
      PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5588.exe
      4⤵
      PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
      4⤵
      PID:13420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56940.exe
      4⤵
      PID:16564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63708.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20586.exe
      4⤵
      PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        5⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        5⤵
        
        PID:9976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe
        5⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        5⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1858.exe
        5⤵
        
        PID:9308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
      4⤵
      PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7891.exe
      4⤵
      PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
      4⤵
      PID:12996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
      4⤵
      PID:15884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
      4⤵
      PID:7596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
    3⤵
    PID:532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
      4⤵
      PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
      4⤵
      PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
      4⤵
      PID:12300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
      4⤵
      PID:1492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48812.exe
    3⤵
    PID:6568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14404.exe
    3⤵
    PID:9340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
    3⤵
    PID:13328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
    3⤵
    PID:16552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:64
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51530.exe
        5⤵
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13569.exe
        6⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        7⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
        7⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54844.exe
        7⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        7⤵
        
        PID:18260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25783.exe
        7⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56901.exe
        6⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48836.exe
        6⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44564.exe
        6⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
        6⤵
        
        PID:17452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34736.exe
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        6⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
        6⤵
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
        6⤵
        
        PID:16912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16912 -s 464
        7⤵
        Program crash
        
        PID:18248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18248 -s 564
        8⤵
        Program crash
        
        PID:17860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17928.exe
        5⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        5⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7544.exe
        5⤵
        
        PID:12740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59106.exe
        5⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
        5⤵
        
        PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
      4⤵
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61390.exe
        6⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        6⤵
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
        6⤵
        
        PID:17828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61971.exe
        6⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
        5⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        5⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24280.exe
        5⤵
        
        PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
      4⤵
      PID:6108
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 628
        5⤵
        Program crash
        
        PID:10996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27405.exe
      4⤵
      PID:8724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
      4⤵
      PID:12396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10375.exe
      4⤵
      PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
      4⤵
      PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31022.exe
      4⤵
      PID:7556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1156.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44514.exe
      4⤵
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42506.exe
        6⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        6⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33218.exe
        6⤵
        
        PID:15896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
        6⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        6⤵
        
        PID:16608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        5⤵
        
        PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        5⤵
        
        PID:12636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2119.exe
        5⤵
        
        PID:16372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24042.exe
        5⤵
        
        PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        5⤵
        
        PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
      4⤵
      PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
      4⤵
      PID:11896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19126.exe
      4⤵
      PID:16252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54112.exe
      4⤵
      PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
      4⤵
      PID:7044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
    3⤵
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
      4⤵
      PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        5⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        5⤵
        
        PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        5⤵
        
        PID:14308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
        5⤵
        
        PID:17372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        5⤵
        
        PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37632.exe
      4⤵
      PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
      4⤵
      PID:11428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
      4⤵
      PID:15032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
      4⤵
      PID:17936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
      4⤵
      PID:7240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53289.exe
    3⤵
    PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50674.exe
      4⤵
      PID:9116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13092.exe
      4⤵
      PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36151.exe
      4⤵
      PID:14700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13007.exe
      4⤵
      PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
      4⤵
      PID:9024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28059.exe
    3⤵
    PID:8996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
    3⤵
    PID:12504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40653.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40653.exe
    3⤵
    PID:15092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
    3⤵
    PID:18200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19604.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        5⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        5⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-983.exe
        5⤵
        
        PID:15560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
        5⤵
        
        PID:18184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
        5⤵
        
        PID:8660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
      4⤵
      PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe
        5⤵
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12430.exe
        5⤵
        
        PID:18256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19864.exe
      4⤵
      PID:11584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
      4⤵
      PID:14472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
      4⤵
      PID:18288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
      4⤵
      PID:8228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
    3⤵
    PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
      4⤵
      PID:6896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30771.exe
      4⤵
      PID:10712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
      4⤵
      PID:604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10944.exe
      4⤵
      PID:9304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
    3⤵
    PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
      4⤵
      PID:17192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42675.exe
      4⤵
      PID:3432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
    3⤵
    PID:9368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31127.exe
    3⤵
    PID:13064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41333.exe
    3⤵
    PID:4860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44372.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44372.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
    3⤵
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
      4⤵
      PID:6680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
      4⤵
      PID:9984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe
      4⤵
      PID:14116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
      4⤵
      PID:16700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46782.exe
      4⤵
      PID:3256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37876.exe
    3⤵
    PID:6496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
    3⤵
    PID:5132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64496.exe
    3⤵
    PID:13344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
    3⤵
    PID:16400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
  2⤵
  PID:1616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
    3⤵
    PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
      4⤵
      PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
      4⤵
      PID:11864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12606.exe
      4⤵
      PID:15780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
      4⤵
      PID:18064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe
      4⤵
      PID:14224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
    3⤵
    PID:8512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
    3⤵
    PID:11568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
    3⤵
    PID:16212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
    3⤵
    PID:18080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15259.exe
    3⤵
    PID:7040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53747.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53747.exe
  2⤵
  PID:6712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27188.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27188.exe
  2⤵
  PID:9948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
  2⤵
  PID:13256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
  2⤵
  PID:372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
  2⤵
  PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3768 -ip 3768
1⤵
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4880 -ip 4880
1⤵
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7248 -ip 7248
1⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 6108 -ip 6108
1⤵
PID:10928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 15516 -ip 15516
1⤵
PID:15508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:5564

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe

Filesize
184KB

MD5
29a2bc7736dd3e36c94de06722dae455

SHA1
b459646ccaa0671392a066596b164f2240fb6461

SHA256
2db1a89b07cffa2aa27eb9c652a11ef65de26f95eff4793370b7ea4698124f12

SHA512
9b77d342a063cded82a94c7fb5b92db5886dd701caa5cc9337b3c82a69b7237d5831f1d582583c72c5c44fdec42e2872b601407ba6fcb49626bb21d3005dd6b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14456.exe

Filesize
184KB

MD5
86c126f6849695bc2cc8860374b6c9ac

SHA1
5cf44926545fa6e40a9a53a3753160ab5910d3ed

SHA256
a33d684d1360cfd202b12d332a3f20bde1fb63ccc36a67c5cf1ea38bb00d6ef1

SHA512
8c9db0f6ceb94ecd1fb606852f530efe1656264fe7bbdac05cc463665d59d83ea2c7bc84ea3647a4b8b6eb0805fc76b11298fe1bcc81ce26e74131581d6712bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19552.exe

Filesize
184KB

MD5
277bcc44bf689d88fe5aaec41eb565c5

SHA1
80041d65e1275a1f9d76433234dde2f30533ccd3

SHA256
82db0eb0bc2a4823f3f52f9a960ff288fc9ba056cb58367eaa5e91449f4d52cc

SHA512
88a6c0fba07d4e9dcb0ea17b0b96d0ddd36c6111c80439440e3d4d2d032cef9e39b26c08678144e62f80feb414eea31d793f4f181706c34ab0eed56e398bd46d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20918.exe

Filesize
184KB

MD5
9b6ccb206e765bb89cdd071f91374bd9

SHA1
ba02faf9b0dea8a4cb0701d7fa488d56a1766a34

SHA256
01070f1d04e32e74e043c28a5d39c0a7c79c2c4455effef4932942ea88f64e3d

SHA512
81b97de9dd5f68681b357a7db9aa05e5ed22e5f7336b42881d0aac5e4a956a197beb7b23fc8ba752dd531394c4b74275225057971745dac69bde83da78e901fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe

Filesize
184KB

MD5
2d2b4a795fe011b941c58d91a96b2b0f

SHA1
c0c2450a7ff7bdaff8a1720002e9a53d27b81f6c

SHA256
d968a38f282d19c9a8e4ef21b4eaac821a374992a006d4971d2248a8454f6c87

SHA512
2534ae91b1acdaf9c7b75fecfc5ee640b0dc606d2871508babff54731a68403666a54ea16d8bde13daf5f6c80bb1b1a944df75f47a30e065fef7013c58fad7a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe

Filesize
184KB

MD5
2dc1910a15eb850f27c43af9c2ec399e

SHA1
e7e01504d6b0ffe0ff216692a73d48baa095b6e8

SHA256
2048b69fc390fcaa55e738b024deb5e085065511d5c644c95280574b7dead3fc

SHA512
51d51f28cff46a62b0fe39080f2f30e5f01e831ec432e2277a4f450df0390efce99780b629d4ffc443d10f57b9b09c75568f3a6c2d2c6060b00159b6dd598d23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe

Filesize
184KB

MD5
54a710efe3aebe1e2e72f6d4fa9aeb27

SHA1
01b1cde83435a5f2a85b53e5338c514211cce52c

SHA256
98e189bfa9590514a7db59be0fa554c3851975f2fe000d0eb80e91bc16dff4a7

SHA512
71b2c1098281d0508f2ebf44fb26471e9cab52008f9dab252fc884a3110c46437bd60a02d4f67a863f04fbde35987593557591809e14fcc3551c9e4fab369c71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-305.exe

Filesize
184KB

MD5
8cee5f18253033b883a58fd98b59b84a

SHA1
900ba36455ca7f86e9b4884d58a441e0ddcec3e7

SHA256
86441e177715029def7657f0b1d1a8ccd23616efc331eeac2519039f5379c50e

SHA512
64629155995ea5cb1d188b1792db76a50738e54d926c4e05ecf1f1deb1c3971ef18733a76cddf5c84783c26dae08e2432a569f5bf5af379f9deaf3660b9d7042

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31198.exe

Filesize
184KB

MD5
fa2727a67106eba641675f2f2a212401

SHA1
d7a4b0b1861abf1d6b9f81609293351d4c4f1547

SHA256
6a310d01b0e107eda0f5afc701b9e540f5f98081cfcdfb80e1521f5c5bb99547

SHA512
e3e3b1fce53f649d72536e58a22f467c03206a857cca25705c3891693d93bee58f27cf069f83d52439c347b971e0f25b74ca79edf319dbcc557509dbf3c08e3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33724.exe

Filesize
184KB

MD5
b4015c3b7c16a130ad68ef3be11d6645

SHA1
b83a122cda136e3483af885b32d9ce27656a2417

SHA256
603619aa7fc30f06cd2e16f054cc6a63d0ad2172e56e418c9a406a7c202c66e3

SHA512
30d7844fe61367dc3f9cdc6d7570bd596bf66003b033549867ad6ab619cef6cae66ec49995a3b0553c51e832e417026833dfec0d9859a2acc464210dde98095e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3377.exe

Filesize
184KB

MD5
8b92a2ec3e0b684a1122fa3b518abc09

SHA1
22dfafb6c1cb8febebee00d912a8e8e84d3f7dbc

SHA256
0f48941e5b9f1bb8ff454a80f5a696a546ec1f09f5e92214d84e4b749876cf19

SHA512
d5c0d31f7cb6cecd7ad94e066a58fe322c48d6b9564ad81ad92fa84d3645f358581ec762253ff568e8702ff5265361ec934156a232dc1cf4015007881b1fba72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe

Filesize
184KB

MD5
77bae39b39e72e258de2bbf891603463

SHA1
27643b12ac5b034bd706ff0fbbd8ef8ae615114c

SHA256
bfd55e33f1749742779ca7aed116a043f2e5a04c1500a644f25efbc3abc79000

SHA512
ffbc858ca90acda4f0ffd6314f5d455b09151633eb6e085d43b2a05e3b3f7ba54d0293206fc5a87513a746c1fda4d6e332b05d41dc147e805d2399d43a333c2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe

Filesize
184KB

MD5
83cff95d9832beefafe3804b05c313fc

SHA1
5a0223ddb1f9c58c943471a6bb29dd2743669422

SHA256
0309e7af6a3ab66e889ec1457b3349aaddb03eb1dda5ef1a83ff24c168c95ee5

SHA512
138ec5721fb66be51522429e2b1cacdbcd110fa577f2c0bbc22f8cefdbc92bd2e8aa898f1a7152a578641e58904c2411647eeba44eaa3f8c8e1780c219457c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe

Filesize
184KB

MD5
1865d97511f2a7e880a6293de94ec165

SHA1
d5e83b66665f30e866dbe102f99aa8b27bfa743b

SHA256
67aa7b4d4e5363d2f357211f57ca4a768cdb68e3d19583aba3d9dd74741ec27a

SHA512
465a8a0f4dcdacc5175076110951d833cdf5624b6485f154422008d239d4e96833bbc7772f3de28eb9333bbdc3c4def261665d59063bee9008683081aa5e4449

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40881.exe

Filesize
184KB

MD5
5dc682c6e0a832536c16ffdf70ea1c59

SHA1
d7d5b56ad4ee0b2e3c419e5a37f8fd13d3b1132c

SHA256
e8bb948c47cb4f0ac5732e9598472ff4df9b7a0609b783beb36d9a116df3dbf3

SHA512
ad143419deb5d4e17b5067e5b0c42151d043b509fae53976e05cfa985983421b37d220762e3a6beeb0a0c452a1acff4159e0a62ac9268d9d6dbc51e39d682b84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe

Filesize
184KB

MD5
2dad866caee761cd71e3be43428ee2d9

SHA1
b32fe70939ffa72dc70569d919a3839d4c247b03

SHA256
e08d2411e4859395458ec5f8e0eb277a57185547077914bf9b8c2e857b650226

SHA512
4aa3b7c8ce577916b9a578bf8ff5c9f7dddc308190cfccedff54f2f6626fc2ff3665ae3b7f6467001abcbdbdce6b4d2086f0f871e912277e36ae174dafb9d346

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe

Filesize
184KB

MD5
0a365bb2dd74caafb39ea6df30f6c6e0

SHA1
f59e76c81bca727efe3f06f730b72d3de8b28631

SHA256
f5507d334d340f73191b5b60c4514b0b07c5732706047791dbf684d8fbbf9648

SHA512
66b487b11cbf6ab480ff1adf7084a8f178dedbc7c0ff2c0d7aa648e21e0b4653cbc2b8ffca18a17739dba9d7011d0ba4a1303bf3343ecceda14652eac8504ff4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe

Filesize
184KB

MD5
a1299b070484807d5a34bb88af24f274

SHA1
44d90c2216ec1c43f0329789f9c7cfa646b2b220

SHA256
ca2fecff7516bd591ccf4f4d9360c771815302eada00bc9047cbac519c5d8d83

SHA512
3bc12c58c70f46f3de9ae0aff7240ffd73cae46792d26a8af613b17b4cff793b15f80fc9b682a0838519c89976329fe1b3fbfde159738c020f39f726d186e7fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44721.exe

Filesize
184KB

MD5
8638b2531e383dd455a8e5f8b54afb91

SHA1
5941890d25222e28f4f1cbfcbda396aaf06687d7

SHA256
1495eed35bbaff32f431d8b211b703cabfa8563177f2bd6581072f1ce19b02e4

SHA512
7cf7b5e5cd2d7890bf83336f3fa1c63070c1c2da059e4d1ed590dea7a074117aabd13f132f3796533adabac1afd389350380d79f8118fd37a95741cedf7eab23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46256.exe

Filesize
184KB

MD5
ca9b254b93f1e9735177608a7a2c9b9e

SHA1
2ea268872841a60dbf4126bf80fdd08d0febc6e1

SHA256
b33135553d8c2ce2c539a53b23ce2754c447e79901b560573854a477c63f7d58

SHA512
61994bffd3cbbaf6c5c0385c29f6cb7b1ed0fd8e870fc14b7dd816e4df91538e537be8f78e42f435ac2857834ac95acf7313d81e1f19b6ee4beccef56f51cd3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe

Filesize
184KB

MD5
ef6f8217cd23dcb237116f6bcc221177

SHA1
83e4201e937ad8e294c62bfd782216e63c9cb935

SHA256
29f53a67d1ad67cca185e36e7102a360b13ecedfb95a5febfe3b98708ae423e1

SHA512
775ec9fc0effef5d51038a3e5a56985021e72cc09609bd2580351ed6e88b9868630e9ba49b261fd62003db5677c7a7b32e9f802f5aa96424410b7557ced508d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49624.exe

Filesize
184KB

MD5
35c88aa439ab688819280440d55301dc

SHA1
6329313dc346a9e3bcdb2411079875b94483fabf

SHA256
2803713745ebe0d13906fd2d7e883034831e361554c6086a8b6aed4a0013db7e

SHA512
a534458fab9b975f42cbaa43b696d7c11abcb9ccb6af9bc721910dc1942a3ec3fa18daa4b629e8f89e4397191162262f69779c43f6f4283ab48436b8368833a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50674.exe

Filesize
184KB

MD5
cfff8324f387568ec1b9c1558db0ed9d

SHA1
e7bb88c5f266d352439b4a1586ca0c3f2bd2291d

SHA256
f14d3c38c98296d275ed5bcd6ddeef7728a9430fcc99880f715c13250f5e3a87

SHA512
4265694289a6f0e24ee852831c1f1b90e2fd8f45a5b351d22916d78e0f6fc771df22923c00fc7172fd808467d9b5f30ac1b578d111336334b9cb6e2306491f61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51862.exe

Filesize
184KB

MD5
ff1c11c03a602bd2bc4c104e9976726c

SHA1
62024aad21519fb73695ec645dd90932c555a19f

SHA256
8b1eb1a91b8a9e50d259fea3576d27ebfe8f408331105a8696af5e64085d3707

SHA512
3e1bf1fa5aec2b35e8e1411cf0d75d77cb1022ebe0c8e5f72b435c00235b32d9102d1c7b1aaa867485065117f5bb6eb82645eb75c38e4e6d6be4d7df69e68374

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe

Filesize
184KB

MD5
e0b149626c6b70907a7c9d5789d87c47

SHA1
e0345d287cd799ec9085b8c360a588b673877a95

SHA256
bd5e818ee93bfaf462212c968b8262b5bb2a322a40d986ade93c408122aac3e0

SHA512
8fd312205219834f9e960cef477ccf479ea31fcc5d5ff4041c3ba231213131697cc04daeb0997cfb09a700c6dbd19307c32a34dbf11ebf3b9177c0b8f308e2a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe

Filesize
184KB

MD5
eb581f4975b2bac8a0abba1be544b7f3

SHA1
bc0ce1f98c5ee3b5918194f55f20a3f680bee15b

SHA256
62537ed6c943ba26c18f32800bafc61aef1da2a1ad76193a9e98d7a842c872b3

SHA512
90559f619601a8ae3d3198cb4597ba5ba2bfe6fafc64d6744ee6f265a0db582f777c059d89815b4e0ef77580e5e58eb0c4cc7d5272d28f87c2ecf512c6cfa390

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe

Filesize
184KB

MD5
3411a83f361d26547b50128abf40064e

SHA1
b3bf1884fe24a748084140fd2ef7889807ff3524

SHA256
667d504bb78f9900e4510a14d2f11150942d69d36e62dbbd4ccbb082410f4d82

SHA512
6c8fc87c6687b5a718bd2b1cdc72ef7369a3c65f2b84d6acef4ce7f749fd19e4119e11a671618c03eddee2f1f5960a1a7d828bf5e2312b03aa042a89e4b1d723

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57970.exe

Filesize
184KB

MD5
1df731704e4ce039df9d44d1c7f808da

SHA1
ed6d31c4cf3edeaeafd51c1e16c059715f8cb499

SHA256
bda5950486e673c3a33459a77ae3ad0b9f211b4361ecc0d1df3b854ab9065d63

SHA512
9233a95c035aa5bafcf64cff6dbdf87fad887a4c1b355a139f9ca9ec0b9ec483539c13588ef3ec90b1d80b47fd148481c3659e85fbf6c167a9d3501a5380e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61877.exe

Filesize
184KB

MD5
690683c7fa7efceae750656c9048557b

SHA1
4611cc08557e3934177ff71997b7472d1598a061

SHA256
21824d6e79f0505a58f5a069ad8416bec826438984ec6049925199fa7d7584b6

SHA512
50a21d0b74880f616fc5a96e15659ae901ba9387b783aaca692fe104a6fdfc7e2be0f7db12de1702143d46102b544a89e638173149b6d6e3fbddae456b59dd2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe

Filesize
184KB

MD5
a4f196bcca56796e5fed960837c5f6fc

SHA1
88c16f057287650d08176cdad310febfae52d464

SHA256
16f22d88b7c4349f37497dde7afc5c1be1fb8eead2b52ed758c7c230edca55a8

SHA512
0c781c123e0a408b48a52c9b400a9c93fda9747e3a209e56756b48e4ed666422bee937b858d36ec60078e677b690cd6fca78d6b6a075af61b8ba4a25ad9177fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe

Filesize
184KB

MD5
4091912be47adf6a98b6934e67bd5d1d

SHA1
1eb604b4bd4706b7a3a884165666c7af990dcd2e

SHA256
fd9835481f53f456c211857418a85ef62a13784118d9c32f5abeb7d163b0529a

SHA512
002bdca6a04aeb89567ed37175ad03b94ef3c43bbe232f457c14b38000adbadfe804a796c593ce84cf3d37bb3bf056e732eea9b8f9cdcff901a64b632f012cd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63922.exe

Filesize
184KB

MD5
1e873d156bb10d636bef533520061c97

SHA1
dd3e682a7acbb9e5cca2e60137ce8128a3343570

SHA256
45f13d3cbd65f2ec69679d7b61e151e0838332848b3aa0415c0c799b0ef3bdfa

SHA512
4173f932d10b6be3d8b4b263d8bc7d5d3cf13813b2edc4769f1aa66d6f3bc58c3da40b1cd4c0a55445fd573012e0075e27e43cd2546b8e7ecc8512c291d0e307

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe

Filesize
184KB

MD5
7f5d5343a2616eecaf84ad59f7069af6

SHA1
4242203bf3b2a37b8bc0e12b24fb4dad351593d4

SHA256
3e363b8a71921b0e837e789586b5f700972147f0c19c2bbb68357115710e6cb5

SHA512
b01c7d8bd0280bd49c66e4bd11fba27137e09d9906d4b4775a40991998d0cde900c84c3f0f6e32ab454aaf3df67cf40b6eb403233440f63f048c091ec3a779a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe

Filesize
184KB

MD5
795be9b29074d006e7dac80b603d76be

SHA1
972f3656a9d7abf765141da0d37342d1b9586271

SHA256
3b25dfbff9fd17220eb3edd218e1dd0a61bf685630878b615302b238ebec93e5

SHA512
db1f67f466186b290190da8563933c2b9f20845ea4fcb705f2adde0243ea731b9e3d9b004633c4360b059c84cabae0888019cfa59ff585c35cb7f06255967a26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe

Filesize
184KB

MD5
5cbc4f5efd70358adb0fa3b5e9524b57

SHA1
6ed922cd45d56af9c01b7a01a369df58c4ceffcc

SHA256
1f541a54e35123df91fc8357759ee42339550ca892e146f18e24534d207ba6c9

SHA512
d20cbe72c0a154989061a298500e524b73821e061790c1a4225ad87f1df4b7bfcf4b599af66c4f8e56efc73b2ea7f4b87d2817e5697e231fd6e4d1a944217cd2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads