5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6

Analysis

max time kernel
150s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6_NeikiAnalytics.exe
Size

184KB
MD5

0cd04c4bcc3dda2aef616cfe32eaaa20
SHA1

71314b9b06cfa9da2e67fcbf308ca3ff8269fcc0
SHA256

5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6
SHA512

02b551b1be6ada46cf31821eea64cf24c64f77fc2b7d0da6796365cc0350be984ac379face627756b49a76f46f039a736d2a9f04cd4e0c0063ae5285486dedd9
SSDEEP

3072:9+djZk2icLE3pFytWI1kDVfzvMqJviu5p:9+w285Fy7kZfzEqJviu5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3904	Unicorn-31976.exe
3944	Unicorn-28224.exe
3524	Unicorn-16526.exe
3848	Unicorn-19488.exe
2044	Unicorn-3151.exe
2852	Unicorn-56991.exe
4484	Unicorn-5189.exe
4552	Unicorn-4023.exe
2924	Unicorn-33166.exe
1764	Unicorn-14303.exe
3992	Unicorn-63239.exe
3536	Unicorn-57374.exe
2700	Unicorn-51807.exe
2212	Unicorn-52295.exe
3048	Unicorn-30936.exe
2024	Unicorn-47848.exe
4012	Unicorn-52487.exe
4044	Unicorn-685.exe
4432	Unicorn-39488.exe
4876	Unicorn-51527.exe
4480	Unicorn-14023.exe
4536	Unicorn-38528.exe
4776	Unicorn-32397.exe
2196	Unicorn-5663.exe
2040	Unicorn-62270.exe
1960	Unicorn-62767.exe
3512	Unicorn-64288.exe
3364	Unicorn-41822.exe
3332	Unicorn-31808.exe
1288	Unicorn-43847.exe
1148	Unicorn-41320.exe
3164	Unicorn-37790.exe
2100	Unicorn-50064.exe
3412	Unicorn-41704.exe
3804	Unicorn-51910.exe
4140	Unicorn-58040.exe
4708	Unicorn-5310.exe
4352	Unicorn-24911.exe
5000	Unicorn-48912.exe
5024	Unicorn-4350.exe
100	Unicorn-24216.exe
4068	Unicorn-47758.exe
4448	Unicorn-37022.exe
1664	Unicorn-15856.exe
3864	Unicorn-15856.exe
4688	Unicorn-95.exe
4972	Unicorn-57464.exe
4660	Unicorn-34805.exe
1628	Unicorn-21070.exe
3424	Unicorn-40671.exe
2104	Unicorn-15669.exe
2708	Unicorn-44776.exe
4520	Unicorn-28440.exe
4616	Unicorn-8574.exe
3472	Unicorn-11646.exe
1324	Unicorn-43624.exe
4888	Unicorn-7422.exe
2472	Unicorn-59960.exe
3716	Unicorn-29133.exe
4228	Unicorn-58720.exe
3216	Unicorn-22518.exe
3068	Unicorn-9519.exe
4076	Unicorn-36062.exe
424	Unicorn-62207.exe

Program crash 24 IoCs

pid	pid_target	Process	procid_target
2476	4484	WerFault.exe	100
6276	4236	WerFault.exe	163
6660	5684	WerFault.exe	195
6748	6164	WerFault.exe	233
15044	7812	WerFault.exe	328
18512	17392	WerFault.exe	814
19340	17624	WerFault.exe	857
18524	17708	WerFault.exe	862
7756	6256	Process not Found	1151
8520	1244	Process not Found	1188
9128	18144	Process not Found	1154
15948	14704	Process not Found	1322
14700	14744	Process not Found	758
17452	8852	Process not Found	373
16072	9840	Process not Found	458
3428	15412	Process not Found	766
13116	13424	Process not Found	641
15700	13400	Process not Found	638
12820	14588	Process not Found	699
17092	7588	Process not Found	1184
15992	6348	Process not Found	418
9556	14316	Process not Found	687
10328	10788	Process not Found	530
16560	13996	Process not Found	649

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	19384	dwm.exe
Token: SeChangeNotifyPrivilege	19384	dwm.exe
Token: 33	19384	dwm.exe
Token: SeIncBasePriorityPrivilege	19384	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4212	5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6_NeikiAnalytics.exe
3904	Unicorn-31976.exe
3944	Unicorn-28224.exe
3524	Unicorn-16526.exe
3848	Unicorn-19488.exe
4484	Unicorn-5189.exe
2044	Unicorn-3151.exe
2852	Unicorn-56991.exe
4552	Unicorn-4023.exe
2924	Unicorn-33166.exe
1764	Unicorn-14303.exe
3992	Unicorn-63239.exe
2700	Unicorn-51807.exe
3536	Unicorn-57374.exe
2212	Unicorn-52295.exe
3048	Unicorn-30936.exe
2024	Unicorn-47848.exe
4012	Unicorn-52487.exe
4044	Unicorn-685.exe
4432	Unicorn-39488.exe
4536	Unicorn-38528.exe
4480	Unicorn-14023.exe
4876	Unicorn-51527.exe
2040	Unicorn-62270.exe
4776	Unicorn-32397.exe
2196	Unicorn-5663.exe
1960	Unicorn-62767.exe
3512	Unicorn-64288.exe
3364	Unicorn-41822.exe
3332	Unicorn-31808.exe
1288	Unicorn-43847.exe
1148	Unicorn-41320.exe
3164	Unicorn-37790.exe
2100	Unicorn-50064.exe
3412	Unicorn-41704.exe
4140	Unicorn-58040.exe
3804	Unicorn-51910.exe
4708	Unicorn-5310.exe
4352	Unicorn-24911.exe
5000	Unicorn-48912.exe
5024	Unicorn-4350.exe
3864	Unicorn-15856.exe
100	Unicorn-24216.exe
4448	Unicorn-37022.exe
4972	Unicorn-57464.exe
1664	Unicorn-15856.exe
2104	Unicorn-15669.exe
4660	Unicorn-34805.exe
1628	Unicorn-21070.exe
3424	Unicorn-40671.exe
4068	Unicorn-47758.exe
4688	Unicorn-95.exe
2708	Unicorn-44776.exe
4520	Unicorn-28440.exe
4616	Unicorn-8574.exe
3472	Unicorn-11646.exe
1324	Unicorn-43624.exe
4888	Unicorn-7422.exe
3716	Unicorn-29133.exe
2472	Unicorn-59960.exe
4228	Unicorn-58720.exe
3068	Unicorn-9519.exe
4076	Unicorn-36062.exe
424	Unicorn-62207.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4212 wrote to memory of 3904	4212	5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6_NeikiAnalytics.exe	91
PID 4212 wrote to memory of 3904	4212	5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6_NeikiAnalytics.exe	91
PID 4212 wrote to memory of 3904	4212	5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6_NeikiAnalytics.exe	91
PID 3904 wrote to memory of 3944	3904	Unicorn-31976.exe	94
PID 3904 wrote to memory of 3944	3904	Unicorn-31976.exe	94
PID 3904 wrote to memory of 3944	3904	Unicorn-31976.exe	94
PID 4212 wrote to memory of 3524	4212	5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6_NeikiAnalytics.exe	95
PID 4212 wrote to memory of 3524	4212	5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6_NeikiAnalytics.exe	95
PID 4212 wrote to memory of 3524	4212	5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6_NeikiAnalytics.exe	95
PID 3524 wrote to memory of 3848	3524	Unicorn-16526.exe	97
PID 3524 wrote to memory of 3848	3524	Unicorn-16526.exe	97
PID 3524 wrote to memory of 3848	3524	Unicorn-16526.exe	97
PID 3944 wrote to memory of 2044	3944	Unicorn-28224.exe	98
PID 3944 wrote to memory of 2044	3944	Unicorn-28224.exe	98
PID 3944 wrote to memory of 2044	3944	Unicorn-28224.exe	98
PID 3904 wrote to memory of 2852	3904	Unicorn-31976.exe	99
PID 3904 wrote to memory of 2852	3904	Unicorn-31976.exe	99
PID 3904 wrote to memory of 2852	3904	Unicorn-31976.exe	99
PID 4212 wrote to memory of 4484	4212	5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6_NeikiAnalytics.exe	100
PID 4212 wrote to memory of 4484	4212	5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6_NeikiAnalytics.exe	100
PID 4212 wrote to memory of 4484	4212	5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6_NeikiAnalytics.exe	100
PID 3848 wrote to memory of 4552	3848	Unicorn-19488.exe	103
PID 3848 wrote to memory of 4552	3848	Unicorn-19488.exe	103
PID 3848 wrote to memory of 4552	3848	Unicorn-19488.exe	103
PID 3524 wrote to memory of 2924	3524	Unicorn-16526.exe	104
PID 3524 wrote to memory of 2924	3524	Unicorn-16526.exe	104
PID 3524 wrote to memory of 2924	3524	Unicorn-16526.exe	104
PID 2044 wrote to memory of 1764	2044	Unicorn-3151.exe	105
PID 2044 wrote to memory of 1764	2044	Unicorn-3151.exe	105
PID 2044 wrote to memory of 1764	2044	Unicorn-3151.exe	105
PID 4212 wrote to memory of 3992	4212	5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6_NeikiAnalytics.exe	107
PID 4212 wrote to memory of 3992	4212	5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6_NeikiAnalytics.exe	107
PID 4212 wrote to memory of 3992	4212	5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6_NeikiAnalytics.exe	107
PID 3904 wrote to memory of 3536	3904	Unicorn-31976.exe	108
PID 3904 wrote to memory of 3536	3904	Unicorn-31976.exe	108
PID 3904 wrote to memory of 3536	3904	Unicorn-31976.exe	108
PID 3944 wrote to memory of 2700	3944	Unicorn-28224.exe	109
PID 3944 wrote to memory of 2700	3944	Unicorn-28224.exe	109
PID 3944 wrote to memory of 2700	3944	Unicorn-28224.exe	109
PID 2852 wrote to memory of 2212	2852	Unicorn-56991.exe	112
PID 2852 wrote to memory of 2212	2852	Unicorn-56991.exe	112
PID 2852 wrote to memory of 2212	2852	Unicorn-56991.exe	112
PID 4552 wrote to memory of 3048	4552	Unicorn-4023.exe	113
PID 4552 wrote to memory of 3048	4552	Unicorn-4023.exe	113
PID 4552 wrote to memory of 3048	4552	Unicorn-4023.exe	113
PID 2924 wrote to memory of 2024	2924	Unicorn-33166.exe	114
PID 2924 wrote to memory of 2024	2924	Unicorn-33166.exe	114
PID 2924 wrote to memory of 2024	2924	Unicorn-33166.exe	114
PID 3848 wrote to memory of 4012	3848	Unicorn-19488.exe	115
PID 3848 wrote to memory of 4012	3848	Unicorn-19488.exe	115
PID 3848 wrote to memory of 4012	3848	Unicorn-19488.exe	115
PID 3524 wrote to memory of 4044	3524	Unicorn-16526.exe	116
PID 3524 wrote to memory of 4044	3524	Unicorn-16526.exe	116
PID 3524 wrote to memory of 4044	3524	Unicorn-16526.exe	116
PID 1764 wrote to memory of 4432	1764	Unicorn-14303.exe	117
PID 1764 wrote to memory of 4432	1764	Unicorn-14303.exe	117
PID 1764 wrote to memory of 4432	1764	Unicorn-14303.exe	117
PID 2044 wrote to memory of 4876	2044	Unicorn-3151.exe	118
PID 2044 wrote to memory of 4876	2044	Unicorn-3151.exe	118
PID 2044 wrote to memory of 4876	2044	Unicorn-3151.exe	118
PID 2700 wrote to memory of 4480	2700	Unicorn-51807.exe	119
PID 2700 wrote to memory of 4480	2700	Unicorn-51807.exe	119
PID 2700 wrote to memory of 4480	2700	Unicorn-51807.exe	119
PID 3992 wrote to memory of 4536	3992	Unicorn-63239.exe	120

C:\Users\Admin\AppData\Local\Temp\5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5292aab0da13a6eb2af0cca5912b2ac2cef217012cb3ba6b2340ecb0d072f8a6_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39488.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        8⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
        9⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
        10⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        10⤵
        
        PID:17648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
        9⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
        9⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
        9⤵
        
        PID:17812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
        8⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
        9⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
        9⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        9⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55790.exe
        8⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30333.exe
        8⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
        8⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29416.exe
        8⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        9⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        10⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        10⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        10⤵
        
        PID:17640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
        9⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
        9⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        9⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
        8⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59840.exe
        9⤵
        
        PID:17556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
        9⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        8⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30743.exe
        8⤵
        
        PID:16136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40062.exe
        8⤵
        
        PID:19356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        7⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54438.exe
        7⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4582.exe
        7⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
        7⤵
        
        PID:18956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25320.exe
        7⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33064.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34896.exe
        8⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        9⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe
        10⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-286.exe
        10⤵
        
        PID:16484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        10⤵
        
        PID:19148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        9⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        9⤵
        
        PID:15412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        9⤵
        
        PID:19144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        9⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        8⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
        8⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        8⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
        8⤵
        
        PID:19028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
        7⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        8⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        8⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5288.exe
        8⤵
        
        PID:19000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-718.exe
        7⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13893.exe
        7⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        7⤵
        
        PID:16756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
        7⤵
        
        PID:18456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
        6⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37200.exe
        7⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        8⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10638.exe
        8⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        8⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63375.exe
        7⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16710.exe
        7⤵
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        7⤵
        
        PID:18904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48175.exe
        6⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55950.exe
        6⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37902.exe
        6⤵
        
        PID:10544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        6⤵
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48853.exe
        6⤵
        
        PID:19120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
        6⤵
        
        PID:16424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        7⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        8⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        9⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        9⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        9⤵
        
        PID:17608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
        9⤵
        
        PID:18120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        8⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
        8⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41025.exe
        8⤵
        
        PID:18860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35694.exe
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35704.exe
        8⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
        8⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        8⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
        7⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exe
        7⤵
        
        PID:14564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41542.exe
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        7⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        8⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
        8⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        8⤵
        
        PID:17012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56279.exe
        7⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        7⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
        7⤵
        
        PID:19292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64038.exe
        6⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        7⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        7⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        7⤵
        
        PID:18468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        7⤵
        
        PID:19104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
        6⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        6⤵
        
        PID:14176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48798.exe
        6⤵
        
        PID:18284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5679.exe
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43944.exe
        8⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
        8⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        8⤵
        
        PID:18924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6886.exe
        7⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        7⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        7⤵
        
        PID:18932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19934.exe
        6⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
        7⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        7⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
        7⤵
        
        PID:19000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
        7⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56470.exe
        6⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
        6⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52783.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
        6⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        7⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        7⤵
        
        PID:17752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
        7⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        6⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
        6⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        6⤵
        
        PID:18360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23469.exe
        5⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37902.exe
        5⤵
        
        PID:10448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        5⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48853.exe
        5⤵
        
        PID:19216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
        5⤵
        
        PID:18748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48912.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        8⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        8⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        8⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
        8⤵
        
        PID:18436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27805.exe
        7⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
        8⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
        8⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
        8⤵
        
        PID:19200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64447.exe
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44470.exe
        7⤵
        
        PID:15584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
        7⤵
        
        PID:19100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        7⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12119.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27032.exe
        8⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7094.exe
        8⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6045.exe
        8⤵
        
        PID:17132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        8⤵
        
        PID:19252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34358.exe
        7⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
        7⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe
        7⤵
        
        PID:17600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40473.exe
        7⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63846.exe
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1567.exe
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe
        8⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        8⤵
        
        PID:17412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        8⤵
        
        PID:17252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        7⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19693.exe
        7⤵
        
        PID:17380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19713.exe
        7⤵
        
        PID:18656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59159.exe
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59638.exe
        6⤵
        
        PID:13988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58329.exe
        6⤵
        
        PID:228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4350.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43152.exe
        6⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42296.exe
        8⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60991.exe
        8⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47654.exe
        8⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
        8⤵
        
        PID:19244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14750.exe
        7⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
        7⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        7⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
        7⤵
        
        PID:18472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37120.exe
        7⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
        7⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        7⤵
        
        PID:16720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
        7⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46103.exe
        6⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
        6⤵
        
        PID:18268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
        6⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        7⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        7⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        7⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5288.exe
        7⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
        6⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36664.exe
        7⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
        7⤵
        
        PID:17788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46625.exe
        7⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        6⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13446.exe
        6⤵
        
        PID:14900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        6⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65087.exe
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        6⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        6⤵
        
        PID:13520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        6⤵
        
        PID:17692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22314.exe
        6⤵
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52990.exe
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20902.exe
        5⤵
        
        PID:14128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-327.exe
        5⤵
        
        PID:18332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32397.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-95.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-95.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        8⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
        8⤵
        
        PID:12572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        8⤵
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        8⤵
        
        PID:19092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        7⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        7⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50538.exe
        7⤵
        
        PID:19440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12534.exe
        6⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
        7⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57079.exe
        7⤵
        
        PID:18176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        6⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        6⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
        6⤵
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
        6⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        7⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26502.exe
        7⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2597.exe
        7⤵
        
        PID:18324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        7⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9574.exe
        6⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        6⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        6⤵
        
        PID:19316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        5⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63103.exe
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21117.exe
        5⤵
        
        PID:15092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27723.exe
        5⤵
        
        PID:18984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
        7⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        7⤵
        
        PID:18192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
        6⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
        6⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        6⤵
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54335.exe
        5⤵
        
        PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        5⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        5⤵
        
        PID:14456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2873.exe
        5⤵
        
        PID:18648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27781.exe
      4⤵
      PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37270.exe
        6⤵
        
        PID:14472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
        6⤵
        
        PID:16440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34113.exe
        6⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6886.exe
        5⤵
        
        PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        5⤵
        
        PID:14040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14754.exe
        5⤵
        
        PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
      4⤵
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        5⤵
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        5⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        5⤵
        
        PID:17584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
      4⤵
      PID:9668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16437.exe
      4⤵
      PID:14140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38998.exe
      4⤵
      PID:18316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64288.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        8⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59579.exe
        9⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
        8⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20741.exe
        8⤵
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        8⤵
        
        PID:16504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        7⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        8⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
        8⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        8⤵
        
        PID:19168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        7⤵
        
        PID:14648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4317.exe
        7⤵
        
        PID:19192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54290.exe
        7⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37304.exe
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        8⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8262.exe
        8⤵
        
        PID:16724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54113.exe
        8⤵
        
        PID:17816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60119.exe
        7⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        7⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        7⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11469.exe
        6⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48376.exe
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        7⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
        7⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13902.exe
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21117.exe
        6⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27915.exe
        6⤵
        
        PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8574.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        6⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        7⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        8⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37270.exe
        8⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
        8⤵
        
        PID:17324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        7⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40238.exe
        7⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        7⤵
        
        PID:18348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21854.exe
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
        7⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        7⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        7⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        6⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        6⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        6⤵
        
        PID:19404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38366.exe
        5⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        6⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        6⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        6⤵
        
        PID:19020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
        6⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        6⤵
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
        6⤵
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
        6⤵
        
        PID:18528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-689.exe
        6⤵
        
        PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
        5⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12750.exe
        5⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37712.exe
        5⤵
        
        PID:17224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41822.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28440.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
        7⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54416.exe
        8⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47167.exe
        8⤵
        
        PID:12964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
        8⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        8⤵
        
        PID:19012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
        7⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21893.exe
        7⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        7⤵
        
        PID:17596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        6⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        6⤵
        
        PID:15236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
        6⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        6⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14982.exe
        7⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
        7⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        6⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        6⤵
        
        PID:15436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        6⤵
        
        PID:16716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42518.exe
        5⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
        6⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1369.exe
        6⤵
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        5⤵
        
        PID:12008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        5⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38299.exe
        5⤵
        
        PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11646.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19992.exe
        5⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        6⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
        6⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        6⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        6⤵
        
        PID:19208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        6⤵
        
        PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
        5⤵
        
        PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28213.exe
        5⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
        5⤵
        
        PID:16340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
        5⤵
        
        PID:17128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        5⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
        6⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        6⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60050.exe
        6⤵
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        5⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        5⤵
        
        PID:18508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
      4⤵
      PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
      4⤵
      PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-117.exe
      4⤵
      PID:15012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48689.exe
      4⤵
      PID:19116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57374.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5663.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33862.exe
        6⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 496
        7⤵
        Program crash
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40694.exe
        6⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        6⤵
        
        PID:13100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35917.exe
        6⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
        6⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49224.exe
        7⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21686.exe
        7⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        7⤵
        
        PID:16116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
        7⤵
        
        PID:18692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13222.exe
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29853.exe
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        6⤵
        
        PID:17332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40473.exe
        6⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58366.exe
        5⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40894.exe
        5⤵
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41094.exe
        5⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51267.exe
        5⤵
        
        PID:19352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21070.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
        7⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21686.exe
        7⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        7⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11161.exe
        7⤵
        
        PID:18992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
        6⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29189.exe
        6⤵
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
        6⤵
        
        PID:18292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        6⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11382.exe
        5⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
        6⤵
        
        PID:16888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31861.exe
        5⤵
        
        PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18438.exe
        5⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        5⤵
        
        PID:17324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42243.exe
        5⤵
        
        PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15295.exe
        5⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2839.exe
        6⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
        6⤵
        
        PID:17364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53921.exe
        6⤵
        
        PID:17368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        5⤵
        
        PID:9684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        5⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
        5⤵
        
        PID:772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
      4⤵
      PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18869.exe
      4⤵
      PID:8976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
      4⤵
      PID:12616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
      4⤵
      PID:16740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
      4⤵
      PID:19312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62767.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57464.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22016.exe
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        7⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
        8⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
        7⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        7⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        7⤵
        
        PID:19388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23694.exe
        6⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
        6⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
        6⤵
        
        PID:16904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        6⤵
        
        PID:17140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11190.exe
        5⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59512.exe
        6⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        6⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
        6⤵
        
        PID:16448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        6⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
        5⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5262.exe
        5⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
        5⤵
        
        PID:18216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
      4⤵
      PID:5684
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 632
        5⤵
        Program crash
        
        PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
      4⤵
      PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
        5⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        5⤵
        
        PID:16660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        5⤵
        
        PID:19160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4478.exe
      4⤵
      PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
      4⤵
      PID:15188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
      4⤵
      PID:18476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15669.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        5⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
        6⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
        6⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
        6⤵
        
        PID:16948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49698.exe
        6⤵
        
        PID:18884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9662.exe
        5⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
        5⤵
        
        PID:13384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38037.exe
        5⤵
        
        PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11190.exe
      4⤵
      PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43664.exe
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
        5⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4325.exe
        5⤵
        
        PID:17572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
      4⤵
      PID:10452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61583.exe
      4⤵
      PID:14640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
      4⤵
      PID:16716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46851.exe
      4⤵
      PID:1468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
    3⤵
    PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
        5⤵
        
        PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22662.exe
        5⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        5⤵
        
        PID:16596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49890.exe
        5⤵
        
        PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
      4⤵
      PID:10952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
      4⤵
      PID:15272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
      4⤵
      PID:19264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
    3⤵
    PID:7024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
      4⤵
      PID:8876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
      4⤵
      PID:15088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46321.exe
      4⤵
      PID:6856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
    3⤵
    PID:10288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
    3⤵
    PID:13008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
    3⤵
    PID:5224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19488.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4023.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43624.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        8⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        9⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43296.exe
        10⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        10⤵
        
        PID:17952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        9⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
        9⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
        9⤵
        
        PID:17568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21854.exe
        8⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        8⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        8⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4317.exe
        8⤵
        
        PID:19200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exe
        8⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
        7⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        8⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54536.exe
        9⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
        9⤵
        
        PID:17328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        8⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        8⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27768.exe
        8⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        7⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47158.exe
        7⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62752.exe
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        8⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34816.exe
        9⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        9⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
        9⤵
        
        PID:16396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
        8⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
        8⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58614.exe
        8⤵
        
        PID:18688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        8⤵
        
        PID:19212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        7⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
        8⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        8⤵
        
        PID:17944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        8⤵
        
        PID:19140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13446.exe
        7⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64790.exe
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        7⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        8⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        8⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        8⤵
        
        PID:17700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
        8⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
        7⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
        7⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
        7⤵
        
        PID:17424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42031.exe
        6⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
        7⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
        7⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24712.exe
        7⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5237.exe
        6⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12750.exe
        6⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
        6⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43847.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59960.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        8⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
        9⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
        9⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        9⤵
        
        PID:19376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        8⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        8⤵
        
        PID:15332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        8⤵
        
        PID:18704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        8⤵
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54335.exe
        7⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        7⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30935.exe
        7⤵
        
        PID:16104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40062.exe
        7⤵
        
        PID:19424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10022.exe
        6⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        7⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
        8⤵
        
        PID:14384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37462.exe
        7⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        7⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        6⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60016.exe
        7⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
        7⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
        7⤵
        
        PID:19216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32735.exe
        6⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29285.exe
        6⤵
        
        PID:14676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53319.exe
        6⤵
        
        PID:19088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34843.exe
        6⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29133.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        6⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        7⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        7⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        7⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
        7⤵
        
        PID:18708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37430.exe
        6⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9590.exe
        6⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35917.exe
        6⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        6⤵
        
        PID:19108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        6⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
        7⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        7⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17481.exe
        7⤵
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27446.exe
        6⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
        6⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
        6⤵
        
        PID:16676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        5⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43819.exe
        6⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54239.exe
        5⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        5⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
        5⤵
        
        PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52487.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7.exe
        6⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 724
        7⤵
        Program crash
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
        8⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
        8⤵
        
        PID:18696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        8⤵
        
        PID:18504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65022.exe
        7⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        7⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54290.exe
        7⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19358.exe
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41086.exe
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        6⤵
        
        PID:16776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34739.exe
        6⤵
        
        PID:19344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        5⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        6⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23464.exe
        7⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        7⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        7⤵
        
        PID:15140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63527.exe
        7⤵
        
        PID:18920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        7⤵
        
        PID:19328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
        6⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34499.exe
        7⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        6⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
        6⤵
        
        PID:17228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        6⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47359.exe
        6⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        6⤵
        
        PID:16588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        6⤵
        
        PID:18960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        5⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
        5⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37712.exe
        5⤵
        
        PID:17264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51910.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33064.exe
        5⤵
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
        8⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        8⤵
        
        PID:16632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        8⤵
        
        PID:19152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        7⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        7⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
        7⤵
        
        PID:18584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12446.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59926.exe
        6⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13830.exe
        6⤵
        
        PID:16236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14021.exe
        6⤵
        
        PID:18744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31942.exe
        5⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7127.exe
        6⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        7⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        7⤵
        
        PID:17708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17708 -s 436
        8⤵
        Program crash
        
        PID:18524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
        6⤵
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        6⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
        6⤵
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34925.exe
        5⤵
        
        PID:8932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41287.exe
        5⤵
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        5⤵
        
        PID:16292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        5⤵
        
        PID:19020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
      4⤵
      PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
        5⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
        6⤵
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31006.exe
        6⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33045.exe
        6⤵
        
        PID:16148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30710.exe
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44462.exe
        5⤵
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
        5⤵
        
        PID:17356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        5⤵
        
        PID:18852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
      4⤵
      PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        5⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33133.exe
        5⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51135.exe
        5⤵
        
        PID:18540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60959.exe
      4⤵
      PID:9688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37968.exe
      4⤵
      PID:14100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44333.exe
      4⤵
      PID:18276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
      4⤵
      PID:19360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47848.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41320.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58720.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        7⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        8⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27446.exe
        8⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
        8⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
        8⤵
        
        PID:16416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38537.exe
        8⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63271.exe
        7⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        7⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30935.exe
        7⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55822.exe
        7⤵
        
        PID:19300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
        7⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50479.exe
        6⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24232.exe
        7⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10830.exe
        7⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        7⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
        7⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2533.exe
        6⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56471.exe
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22269.exe
        6⤵
        
        PID:16096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        6⤵
        
        PID:19324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
        5⤵
        Executes dropped EXE
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        7⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
        8⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
        8⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        8⤵
        
        PID:16640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
        8⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
        7⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        7⤵
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        7⤵
        
        PID:19224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54335.exe
        6⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
        7⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        7⤵
        
        PID:19132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        6⤵
        
        PID:11708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30935.exe
        6⤵
        
        PID:16088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        6⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
        7⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
        7⤵
        
        PID:17084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53921.exe
        7⤵
        
        PID:17596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        6⤵
        
        PID:15324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        6⤵
        
        PID:18672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        6⤵
        
        PID:18448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17142.exe
        5⤵
        
        PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
        5⤵
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
        5⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47416.exe
        5⤵
        
        PID:18660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37790.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12783.exe
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27152.exe
        8⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
        8⤵
        
        PID:16800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
        8⤵
        
        PID:19284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        7⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        7⤵
        
        PID:15428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
        7⤵
        
        PID:16568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
        6⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        6⤵
        
        PID:11848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14406.exe
        6⤵
        
        PID:16272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29785.exe
        6⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        6⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
        7⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
        7⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7118.exe
        7⤵
        
        PID:19332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27446.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
        6⤵
        
        PID:13788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        6⤵
        
        PID:19376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-718.exe
        5⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13893.exe
        5⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        5⤵
        
        PID:16784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59243.exe
        5⤵
        
        PID:19416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36062.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        7⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
        7⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        7⤵
        
        PID:17716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18281.exe
        7⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34846.exe
        6⤵
        
        PID:10336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45438.exe
        6⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30361.exe
        6⤵
        
        PID:18444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        5⤵
        
        PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28213.exe
        5⤵
        
        PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
        5⤵
        
        PID:16332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37599.exe
      4⤵
      PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        5⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        6⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        6⤵
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
        5⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        5⤵
        
        PID:19060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58625.exe
        5⤵
        
        PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48078.exe
      4⤵
      PID:8736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
      4⤵
      PID:11960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14439.exe
      4⤵
      PID:16224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
      4⤵
      PID:19408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-685.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16920.exe
        5⤵
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exe
        6⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23464.exe
        7⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 632
        8⤵
        Program crash
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        7⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        7⤵
        
        PID:19012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
        6⤵
        
        PID:9192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        6⤵
        
        PID:16368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        6⤵
        
        PID:17148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        6⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21848.exe
        7⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
        7⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64382.exe
        7⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
        7⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        6⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        6⤵
        
        PID:14768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
        6⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59046.exe
        5⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
        5⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
        5⤵
        
        PID:16744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        5⤵
        
        PID:19084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
      4⤵
      PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27032.exe
        6⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40150.exe
        6⤵
        
        PID:13052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14021.exe
        6⤵
        
        PID:16476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59786.exe
        6⤵
        
        PID:17636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18022.exe
        5⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        5⤵
        
        PID:13264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        5⤵
        
        PID:16612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59097.exe
        5⤵
        
        PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58070.exe
      4⤵
      PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35584.exe
        5⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13918.exe
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19693.exe
        5⤵
        
        PID:17392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17392 -s 444
        6⤵
        Program crash
        
        PID:18512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2609.exe
        5⤵
        
        PID:17480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
      4⤵
      PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59638.exe
      4⤵
      PID:13996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65135.exe
      4⤵
      PID:18240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24911.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17806.exe
      4⤵
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        5⤵
        
        PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59839.exe
        5⤵
        
        PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        5⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        5⤵
        
        PID:19176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11048.exe
        5⤵
        
        PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
      4⤵
      PID:8800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
      4⤵
      PID:12016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
      4⤵
      PID:17076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17885.exe
    3⤵
    PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
      4⤵
      PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7127.exe
        5⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        6⤵
        
        PID:12348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        6⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53921.exe
        6⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        5⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        5⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        5⤵
        
        PID:18568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
      4⤵
      PID:9036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
      4⤵
      PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
      4⤵
      PID:16688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
      4⤵
      PID:19236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
    3⤵
    PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
      4⤵
      PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56856.exe
        5⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64306.exe
        5⤵
        
        PID:19072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
      4⤵
      PID:12580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
      4⤵
      PID:16984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
      4⤵
      PID:19188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
    3⤵
    PID:9608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3998.exe
    3⤵
    PID:15124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49874.exe
    3⤵
    PID:19192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4484
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 632
    3⤵
    - Program crash
    PID:2476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24216.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29416.exe
        6⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        7⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        7⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        7⤵
        
        PID:19128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
        7⤵
        
        PID:19048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55823.exe
        6⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
        6⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24720.exe
        6⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
        6⤵
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
        6⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56895.exe
        6⤵
        
        PID:19444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
        5⤵
        
        PID:9076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        5⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        5⤵
        
        PID:19052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41542.exe
      4⤵
      PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29992.exe
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        6⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
        6⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        6⤵
        
        PID:16652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40134.exe
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        5⤵
        
        PID:14056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
        5⤵
        
        PID:18208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24925.exe
      4⤵
      PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7742.exe
      4⤵
      PID:10704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28797.exe
      4⤵
      PID:14536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45046.exe
      4⤵
      PID:16528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
      4⤵
      PID:9168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38544.exe
        5⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
        6⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
        6⤵
        
        PID:13632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
        6⤵
        
        PID:17440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        5⤵
        
        PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        5⤵
        
        PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17438.exe
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        5⤵
        
        PID:10660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        5⤵
        
        PID:14596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
        5⤵
        
        PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
      4⤵
      PID:10208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26607.exe
      4⤵
      PID:12904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
      4⤵
      PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
      4⤵
      PID:8452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30581.exe
    3⤵
    PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
      4⤵
      PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
        5⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
        5⤵
        
        PID:15228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27446.exe
      4⤵
      PID:10156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
      4⤵
      PID:13796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
      4⤵
      PID:16668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40473.exe
      4⤵
      PID:15528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
    3⤵
    PID:7992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
      4⤵
      PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
      4⤵
      PID:13424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
      4⤵
      PID:17632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
      4⤵
      PID:19120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37421.exe
    3⤵
    PID:8720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
    3⤵
    PID:14108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
    3⤵
    PID:700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62270.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62270.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62207.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
      4⤵
      PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
        5⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        5⤵
        
        PID:9416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        5⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        5⤵
        
        PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
      4⤵
      PID:8852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
      4⤵
      PID:11860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
      4⤵
      PID:17284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
      4⤵
      PID:2168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
    3⤵
    PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48160.exe
      4⤵
      PID:7696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
      4⤵
      PID:10276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
      4⤵
      PID:15420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
      4⤵
      PID:19164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
      4⤵
      PID:17396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
    3⤵
    PID:8752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
    3⤵
    PID:12000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
    3⤵
    PID:16248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48760.exe
    3⤵
    PID:19392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47758.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47758.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
    3⤵
    PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
      4⤵
      PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
        5⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
        5⤵
        
        PID:14580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48303.exe
      4⤵
      PID:9468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
      4⤵
      PID:14064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11190.exe
    3⤵
    PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
      4⤵
      PID:7404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
      4⤵
      PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
      4⤵
      PID:18892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
    3⤵
    PID:9992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
    3⤵
    PID:13620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
    3⤵
    PID:17688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
    3⤵
    PID:19396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52816.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52816.exe
  2⤵
  PID:5632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64968.exe
    3⤵
    PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
      4⤵
      PID:9248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
      4⤵
      PID:13416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
      4⤵
      PID:17624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17624 -s 436
        5⤵
        Program crash
        
        PID:19340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
      4⤵
      PID:19176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48303.exe
    3⤵
    PID:9476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
    3⤵
    PID:14320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26719.exe
    3⤵
    PID:2860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1125.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1125.exe
  2⤵
  PID:6724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
    3⤵
    PID:9300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47743.exe
    3⤵
    PID:13400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
    3⤵
    PID:17616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
  2⤵
  PID:10008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
  2⤵
  PID:13560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1814.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1814.exe
  2⤵
  PID:16532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36002.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36002.exe
  2⤵
  PID:19448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4484 -ip 4484
1⤵
PID:2064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4236 -ip 4236
1⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5684 -ip 5684
1⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 6164 -ip 6164
1⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 7812 -ip 7812
1⤵
PID:14932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 17392 -ip 17392
1⤵
PID:18496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 17624 -ip 17624
1⤵
PID:19252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 17608 -ip 17608
1⤵
PID:19260

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:19384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11161.exe

Filesize
184KB

MD5
4ac2e580a59f52a6077268178095357e

SHA1
741542db3a850dd79ac4a12be766d6d8033a7682

SHA256
c24ad3936e320c56d7a495daf51d640125c1fb3928a8f1c0b4a6e84cd17356b5

SHA512
9a94b388cbab5801a0c8cc204307918c60d96e23908d33da47eb50ca029ad62569e45c8df32d3d665f6fc0583a20266073453e61bd22d5217991688bdb5c052f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe

Filesize
184KB

MD5
81edf94c45cb814400e462a615f5b882

SHA1
a75c0f656bdbb21518b76f5ea6e5e480e75cb0dc

SHA256
afb4dccc29dc2e2cf884173fba97fa4137f96b233d0ea128d19839939e244a02

SHA512
f94faefcf5094be8ccab9f89813a2751847ed3dc5b534efb1b8f22a4acaf0cbb90e89594214f88ab0b3098d498749beb63444a86066c23beb4e93d5abad69b76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe

Filesize
184KB

MD5
d17ccefcb096ebf59ab818cd4cff0199

SHA1
49bbd06e0b984523623c6af5faf9fce4da12c682

SHA256
534827a416a7b0a8a349a22e587cde47d74e23abf573782eb788d6b20104688e

SHA512
9aaadb8445af60feac0a02ffdf22d54a6fc5101650e971ec77a385f8da9c9c7d4f03ad5e6154846fb73469d406f8bf77513aa99f56f72715f4787690524cb711

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe

Filesize
184KB

MD5
bdf1e6bc8d45384bd6021abaaada65bc

SHA1
d9a5cbe70aef213c928f524ef1adfbe4d19af12f

SHA256
68dc12f96df9e8be96a5bf0c9b9c67cde1bc3264ea9e9dbbd9646d84a3bf2c2d

SHA512
b0a8798922c90f501dc7c82a6c285873d21a83eef7d660ed43c458a0d8608b563b604869dbb94e5d33a6855e048d08122bf4d7ea2cc8a8941eaa9644c222acbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15058.exe

Filesize
184KB

MD5
34188bd4072b77ba7b5020e73aa35072

SHA1
51c75828577a465f16c6e276fd7b200769b15e21

SHA256
6602432364d55c27cee6b69681141785264246e1236723d0e53bcb55e8e430d0

SHA512
c6db1b81d011e46a3d0cb9276e5b57c87481741832188318a46df4c58259b2e2b86b4aeb86704e424839d8214253c2f5421c425ec3427d9125bf599fca7409b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe

Filesize
184KB

MD5
612fe1da514eb5e9645eeff6f9f44458

SHA1
4532432ebda8bbcfc58a9ccf9364218f802d3f34

SHA256
054aee250589068649d648016d8af5d421a5944d7e9d62f79c4f5e3477f1cda3

SHA512
fb7190e3552a38b6c9eef19a0f89a68736e5ad38cf2734c1b36865c5c5a4cdbbc180d097ce8bec26be217b202d842d910ef238d81052dfb6385a6ff4f9a97dd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16608.exe

Filesize
184KB

MD5
ed8aa485f170e130deeac4d65164fa68

SHA1
edabe45f20e0c8bcb8781480eb01b2bd23c562a3

SHA256
db438b4c2bf90839cc1ebf742d74605ea90fecef35e0cd54725234336cdb5b7c

SHA512
bef6499b8bc4a1820fecc4338d77c067bb7a50b0edb8f5d75ec913bca4312a8bd60f3246fe598ca8a71218031f78e95c15ebf30bab454c9809059171601bb7bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19488.exe

Filesize
184KB

MD5
9db78e0bdc9395bef1f1f1bc8e4cc6bd

SHA1
8c2fd5a1e7981cb5bd0b42b0fff695f257a89efa

SHA256
ac78579105a0b824b55c0eb9705187fb2a530d6a61a1f7bd4003caf620d5338f

SHA512
9e4559a909c0828fe295cebee299737d8665d9b2108faf446309041a562f7acfe9e66962fb8118f039e8705a41cf5e5a7a9c6350b0e6bf571e5248b98ef063db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe

Filesize
184KB

MD5
3532d41df89c968a4b6b5f46a347d087

SHA1
003ed4e6a03fdf01f6ef98b00b28cf2c8b9d40ea

SHA256
150ef29346c03de704218714723eec0c04e33a31d938534869dc50e86d981eb4

SHA512
dbf749c619fbc3f44d9859cb181e5b738a2cb2e968870c6ba7552848ba45a961fab8d8853aa6b903c60ab9d059c869de56048a77a05b2d9cba480673715e8895

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe

Filesize
184KB

MD5
443e55c31c8e9dac775d067bca53f43b

SHA1
4572ee66be94e1e4147e5cced3ab97a1a2eb5471

SHA256
cf5eb9611de2386705e3be3dbe3bfa368ee6098d3b34d7cd2197ab1228547d6d

SHA512
a71f81d0cbfcc6362904c123b2a9503c417f671cfd5fbdc92e59eaab574dd9726dd3311645048770fc933154f1aea09234c69ff5bb8e92fb6d0b7e9f2977712d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe

Filesize
184KB

MD5
cfcdc27d3e136551ba77219a754e4066

SHA1
ee3763b17007c4169e1d0a63aa3f666f447a3821

SHA256
22a26df5f16b1a13390c36353c2bc879b6681763d745d3496595c2b8d0dc7c16

SHA512
81798a386924fea875a7e263b2f97b879f0189915d8b6b448db712a5b15ec9f963f702542648d2d6808ec414e3940a8fb90e8b26a14ec7fd5d1eafc728944c97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe

Filesize
184KB

MD5
a1b4c4c915301f29317a404ab8759405

SHA1
be3cf40db1a5cfdd192026328e843a67664ae9e7

SHA256
b9d58a85464f2552f03cf980391252b1cac58ff121b368945599d2bc80fe4423

SHA512
b4d1234433fa7e38b17edf92da3b260f7f69e78ad021d5f845c5c48e94881b9fb560c944561549ff015890467fd132cda9ba3b4ca7dd026dcd98863c5da5eb3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe

Filesize
184KB

MD5
192e43cec20f3ee2d20bfffe628b661d

SHA1
4222ff695de9340273f5f29b667e7e2f615debc7

SHA256
32e7fa3cae8a1a4226849a60141e9b15930958385bff9af8af8bd1a24bcd30b6

SHA512
3bca4b72a5bfac8ee9789bce3f607591f30a1337e07ecd678cce0fdf2694bf742fc87dfbcc292b1b1d242d1ae2cec3b65a1ec916c6d35db39445ebb9a7975baf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32397.exe

Filesize
184KB

MD5
0b71d4cc109dc8d4dc5b459bbe533872

SHA1
56aebb58ed62af2611ee3f719c3b5523c6feffe6

SHA256
bcca183f2005b4ac2f711bc55fa2992654ad7ce0728393c4052fa9d4cd92f294

SHA512
9a310ff44b148dcf3026598d1b7c8320f27aabc7978de4f0e4ed8fafa2aa07c3b793ab8e72da1872a09080a02d145e427dbac6c481798d43e0b2c9a2d29e2731

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe

Filesize
184KB

MD5
662483c36ddd7de86968b39a67ea1280

SHA1
8f469f1c6c6df2b536df22684d21d5936a05cca5

SHA256
27a1c1292c34046d0bbd79d51da1cdb75a3ac7b7f6a937a34d3335af9ecdbe4c

SHA512
3cdd3b74188cf4c77e92516bfa95812c92c9eef57dddcf2d82edce1699dcf1fa3345c0f0dc5532deeb83b03319cf4759e3f974ca1ed70cc7e8cf0ce16f12d30a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36145.exe

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37790.exe

Filesize
184KB

MD5
4f4f84e4172720ee455c733bd2069a28

SHA1
fb555413197c6783a663880854d80365f792326b

SHA256
cb031188140b4c8521619f7231176811f7f3f0a88638ef33f3e269aa46864b1a

SHA512
7f2af03af2881d162c21bb2f8c6bed9523f7d3fc2b0cbbb0da10b58446117527fb83568f0a8596f0628e61b53de37af92c74cbc070f7d30ec9d4308c435364f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe

Filesize
184KB

MD5
aa6d06e6071d30cdf07b041e26d4c6df

SHA1
01f925ed56e36a258315d93c68bfa9714547c4a3

SHA256
e2914b991f582539078babdafb593dfad7073de079b696b04250a31ccef71611

SHA512
eb51f64f6b3d8399b11734115f05326124f068f458984455e583ff6fa6507d256ef20b68111759c6673a997ffd6616909cb030c77ef03098084ba17737775d9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39488.exe

Filesize
184KB

MD5
a2fec5968c213c4cd021ae1eccd9e108

SHA1
3b899a97fa095dbf465bdf97c348ea90470ebd80

SHA256
420f5d2fc17fca7ff4535db3aecc51b2aafc69d9ecce4b0b8397d384d18ec464

SHA512
0aebf60daa9a03050e6ee3efbcdf0e684f12b20622c462b52be1b88f3ed0477503501ee97fea4fa0a562ba7c31f4e6a0e987b10847b52a6ffefafc5904d5d2b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4023.exe

Filesize
184KB

MD5
a4de2ca36b04c84434adff331cb9a201

SHA1
334a8a38f751bef25153a417203105e4e882e4e0

SHA256
5780c3fd79d21c0f8bbb097633903c360b5d1d94444087a9b833c71884577540

SHA512
26f3a662de4083b2438f737fd8126fec69754678b8a469d3bcfc3947bf3111aec395efd060d1378bddcdb16a5d8d1a47da702b40429f8347c179af8c80f3f6ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41320.exe

Filesize
184KB

MD5
6d2eeeb855439f8f3a00dd877606996c

SHA1
8bd275dec662577da24e9f4b6b29e806686e7094

SHA256
3cf407425fe7a0311d50cdefa220a4b0185a9d8031ed1bf591799570654227c7

SHA512
828db0b510db16acd99b917933677cbd1172cda9e46ec31d0fb23cacb0e4445d727984431d37067c69ae70fea06205c806fb0d1369c42c719a0ff11f3a12c798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41822.exe

Filesize
184KB

MD5
c36814af5405dad936705e2d10e530e4

SHA1
ecccc6a04a6831149f575328c31fe9a07de14ac0

SHA256
16f563a8e2a30e703176ad1f71accf1232464dd34cc1cd3c93e82d504a692966

SHA512
bfad4a73868c2c7456ab8d7de8d21a82d08819f7e150d15f5f021c679e36ce7f33f8de9fffd6b1e3db66c7d17cb125ae486011e28a9417907bc04f1e384a6248

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42470.exe

Filesize
184KB

MD5
41f2a77802ac68bd6009e5cf4329c2b3

SHA1
8fb1ba178a7ffe839b9ba735046c7472931a8c71

SHA256
b37f9042b69737f06a75c13aa68430e729f8d8af24b0174ddb5416f0b135edd8

SHA512
63cdaf09e181d07ca046d0a8cb3a15e89643993d5bf5cf854ff1c67623e509a7b57985baf0f8c0ed04049aece277ca055ca2aad1aec6b634b72fbcfe735543de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43847.exe

Filesize
184KB

MD5
2d1007ca46c4977cf43445a1bc3f2237

SHA1
4fd264d48314c93aa0f422e4f7fad18ffa65d65b

SHA256
a4e3c583f6391bcc317410cabb0ff6d4771d5a5688f8301014b5e60881b9c5cb

SHA512
9ba05db43fec38e032d5b6d943aa2a0fa896ad3b32f0eb2e74c73e4854be6be174f5de750e7c2b0d07a9c65eb60ff8bd417aa6042ffc63bcc2fc4bcc95de959c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43944.exe

Filesize
184KB

MD5
5a93b8f4a44490b9be327ec8fccd61b5

SHA1
84ec83fb5a1cfa844a712174937c4963a225e45c

SHA256
1fb0193e2c4ac2bc2b89d36cda45d08053faf76f4d0fb2a69886c45b4c6e1553

SHA512
78a7e747a976dd6d833e99e802190539792b40ee1ab355b429f6b714b3e5d09c963f2c4ab5b7a32ae74fb64346e8023105171d3d24b093a366b1b41e51801698

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe

Filesize
184KB

MD5
016371eb9723bc098d4babdad1e4747d

SHA1
ce9929c95aee2f49b8198285b7f71ab1ef8396d4

SHA256
8d3d93620d72383a5869c6fa48af900c67d87f52c9828dd5100ad1346ab2f5fd

SHA512
2ca37689038a391466fa22bfb82702bde79de63e0b57a869714d1eef0e07b2ba9ecdfb7234e4a18f6e76f75d663aa30943e6cfa9a05220e1c3ef21f8477b8d0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47848.exe

Filesize
184KB

MD5
dda8675269d2c5fe0e8963bbee0f053f

SHA1
9344fb17d50ba18bd62efad8e354ceda6af3aa72

SHA256
4c95f8b45648b2fdc1e8d8389ef319c25d752723eb031b951f8986fe6bdd1721

SHA512
5fc92c365048c428288aec365e658a0588835390edeb107a9ef1b8b60e184f2e9ccbb31ac9080ce325c88be64d3bba9a7d84188566e7dfceda4dcc9fc6ba0f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe

Filesize
184KB

MD5
1bff15d1ec8a90515f0dae38b79d1de4

SHA1
541a771d466cfe9bfbfc5737706be0580c744a1c

SHA256
bae5b86f8fc774895c3ee8efee1a0206711d9da68c13691dcfccb37ccf092e5e

SHA512
2ca69319de43162e288c2b077ed7b3f7f591260f11bf59a0f6513e435b52bc9495e4fd7386a332a325a19ca1f567de487da5301c85c3ce6d0f568fad6b0144a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe

Filesize
184KB

MD5
76b3b67b1f53be36fdb4a62e4cf24af4

SHA1
dc45afed1a312ad32434e90b20348d33081c40b2

SHA256
8d7e4e79259d89a2cc482c317aa3be1cc9a03d6305351ab4bf0501936bbc9ff8

SHA512
f8422b10bc20268aae659c1492b3b801ab45cb416d30968d866e5023d671baa2f85c498e41c1ec80acb76aedf54999e20acd8f9eb05c39cc9382b498cec9702a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe

Filesize
184KB

MD5
4e081675a0ea6f1b2edc20914ad38c19

SHA1
1d588a3f395f4acaaa8d0be453a1141a16b32c3f

SHA256
c564d74d3f5553b90078866a6aea699282092ecf7e309a7574e73fd8d04cfca3

SHA512
f032542f1a3b7e5898afeac0c1a3cf26fd424aad73e938d9ccfe04dc796e3795ba25cc170da2c8ff603ff016691e2f537efcd164e2653bfea15d293479e14368

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe

Filesize
184KB

MD5
11e9cae63ceb8e2e4339427aa1eac949

SHA1
cbded37425ef843e5a5dfe4d4a544091f742153e

SHA256
7a7c1de311d0b5451cb74cc0bff190728a0ad2609b36262e1473b8faa91bb9b5

SHA512
f8374c44300a61d49711533f6f5847025e04ec0d556ab3c9e363f3b2ae30340e3cb66f3902e0b861888ea6b77a633778fc57852c7154537c13420579a2eaaa5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe

Filesize
184KB

MD5
a6c7e94e3db3480416cb44a89632c1d3

SHA1
c38873f41110b7b189c149632c4e461affca8fc2

SHA256
27c88aee52b2186fbab6772724da6d6cf14884b1f656250f9008ea35709182e0

SHA512
105198d08f718e5c37e5a39805f2407587dc7764668b6bc0b9f315792bba038707c6344bfa9d9bf7dff384c443b9e280e55eeb00ae873171bc6e5285479c5f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52487.exe

Filesize
184KB

MD5
4f00227caef680732718adab49232e7f

SHA1
aac6499675de58aa9f651515c8c56dc7f4cdd693

SHA256
32e2119d81688e917ccde6cfe1eb0fc64325d7ecf71587902cc24ed2e90cfedb

SHA512
052b105ba6cc490a9329e869889fb17351fd72c9c14c8906e1126f3331eb32267b7eed611054b9f7140fa0be6cafaa93f9de796b6835fd1bbc286d7e918d1544

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5663.exe

Filesize
184KB

MD5
b7aa49c243d57e6b563aa2cebdddf4ec

SHA1
30d543f060407aa213c729e6eeeebcb82038a377

SHA256
12bbaa1874de8a8f9b6256672358b54e6920a5f387b785d6fd87e540453bcac9

SHA512
ad472b74e81fd9f10598640ec333f49e011843269271e6c3a9505bd5ce2a63ceda4c299a2689327ced427a64bf256fff0050f70aa08b02c6d867bfcac8ff06d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe

Filesize
184KB

MD5
4eaa7994673910d282f077fcc6bb0bda

SHA1
006d2c5c6bc264df7ebd7c85cdb8f425665916a5

SHA256
7e78f7aab20b731446bf6881eff973aeaac4f38ab0dcc95cfcd3997b0c50d27a

SHA512
1a4eba1147803f002df7050444cd87f3bec2988b34f01b8a70ccff3a31e5bcfba5e6a778be6775e65df90064c96881527401764a34e00b00207c9cba14ac99e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57374.exe

Filesize
184KB

MD5
89331f56e4260e5145608059ef044f1d

SHA1
cb7ab62a779c2891ea66a6fb9483b2f6dd1de04b

SHA256
66cfd994b69b4a710e71c9ebe987a509eadbbdcec6de58862ae3752650be4262

SHA512
8da4844de2c2124dd94d28d85dcd4a5a9ac24aaa5811e51de1724b95ca8fcd1269627af1cd5d97caae48ce25b600dc4cd84de1e7813ffcac572cbdcd43ee4819

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62270.exe

Filesize
184KB

MD5
28bbeda16f366c2fc250e4b15e2b9d6a

SHA1
c16e75714fb4f347ea49b7717b85bf0e24045a6d

SHA256
b788d01d287c433105db1682227a0b175b195f6e410b7a95b05e618edbf4b2f3

SHA512
46c7e5211fe3ff264f5e76692eee02a6d68a45c530b2b1161edcbfb11c5cd4f1998c76063de9ba25d62ccb29629bb408073cb578ae9878f486c4d7e105fb1a0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62767.exe

Filesize
184KB

MD5
4dfa67a8cc8f606b6d2ad51b525c674d

SHA1
051dbd1ef46687f0051a235a9863695027b024f4

SHA256
52f3bc5f35a98260639c7edbc2a0b6afdd68c2a656bbd1f138b1d234ac8dd719

SHA512
b8c133a6f6b8fc862d14792c6f86c4830df0e87db61b002076a504ed2c35e761cb20028caaa59c55932766ee4f38f95d895aa75fbf6c4812c7982b0d1b2246f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe

Filesize
184KB

MD5
299b55151efaf875f13cb071fdce7c73

SHA1
ae3a390bf36c578f03cffaeef5001bfced1843dd

SHA256
4e2474dfe5c3dc99331ed9f25d844127da900d50f24ca53d8cab59b23dc81ebc

SHA512
7cdf5cf8fb262bde323f04092f93e67546077a562c8c4fc36cd0293e4e57f6001c6cc6bc9b079a2baadfd0a6a026eaf83d205a258c18698f8558a23e69c9f696

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64288.exe

Filesize
184KB

MD5
3a9948b36a6194b8d69cdb83e05acd73

SHA1
c573ad578a0f79987bb94118ed6d759fbbbbcbe1

SHA256
f8d65c195363fb50193aa4511bb7c769521006097315a24e1e8298aef5307a1a

SHA512
fdd89621be013962851e000dca55e2bcd746b1773e77d31f3095b883328728032143a774101b1585396fb6980d1fa7a59473b5a285518b4caffeff3f0ea35361

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-685.exe

Filesize
184KB

MD5
592ac015fc302c2c4ce88e7d89349875

SHA1
6d52a54e989267dcfcb8eee6f4598bda9db047a5

SHA256
41e23670fdddef7438a1a1ec32a1b19cd4218889b2155b53a3b86b7cabbcc1f5

SHA512
8110bc3a90cf31d697b3ce2aa8ba621af6f47598df4026e3fb9272c76eff68db274b7561e29b835f681f082ef00fe900ad8b1e85536c89320bfafd4e16891f0d

Download Submit
memory/3164-5399-0x00000000775A0000-0x00000000775C4000-memory.dmp

Filesize
144KB

Download
memory/5720-5547-0x00007FFCE9F30000-0x00007FFCE9F89000-memory.dmp

Filesize
356KB

Download
memory/10128-5748-0x0000000074EB0000-0x0000000074F4B000-memory.dmp

Filesize
620KB

Download
memory/10736-5997-0x00007FFCE9D00000-0x00007FFCE9D83000-memory.dmp

Filesize
524KB

Download
memory/11464-5867-0x0000000075D50000-0x0000000075F65000-memory.dmp

Filesize
2.1MB

Download
memory/14768-5464-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/15352-4209-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/15388-6000-0x0000000076DB0000-0x0000000076E2A000-memory.dmp

Filesize
488KB

Download
memory/15388-5999-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16556-4734-0x0000000075910000-0x00000000759CF000-memory.dmp

Filesize
764KB

Download
memory/18924-5864-0x0000000075340000-0x00000000753B4000-memory.dmp

Filesize
464KB

Download
memory/19120-4416-0x0000000075630000-0x00000000757D0000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads