668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1

Analysis

max time kernel
138s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 02:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1_NeikiAnalytics.exe
Size

468KB
MD5

e2346c359dec27e6010e3c6d7f700b00
SHA1

c14f7d25c8e8bd4b7d7a87fa7ededdcc76d197d6
SHA256

668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1
SHA512

228835ca630738b4765d877db8e8e91b7403b40e297df72562f76bdfe6a24db39469e01c0ed330b9f0e02c9ecae01f1a310617b0d0a530562f6096f49313d1e5
SSDEEP

3072:PE+UogIdI05UtbYozzIjcf8/EChvPIpjnmHexVh74jl8DXNu8Mlw:PE5ow8UtDzMjcf20Ft4jabNu8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4064	Unicorn-19266.exe
940	Unicorn-48578.exe
3280	Unicorn-12184.exe
4876	Unicorn-47717.exe
3756	Unicorn-61593.exe
1088	Unicorn-64930.exe
4080	Unicorn-58800.exe
2672	Unicorn-51490.exe
2360	Unicorn-14027.exe
2340	Unicorn-1028.exe
1632	Unicorn-50841.exe
3636	Unicorn-21314.exe
4548	Unicorn-50457.exe
2552	Unicorn-64192.exe
3172	Unicorn-63913.exe
1264	Unicorn-561.exe
2192	Unicorn-19419.exe
2824	Unicorn-7105.exe
2944	Unicorn-65251.exe
2884	Unicorn-54661.exe
1472	Unicorn-54661.exe
1508	Unicorn-6337.exe
4012	Unicorn-15474.exe
4500	Unicorn-52009.exe
1156	Unicorn-39202.exe
2112	Unicorn-46416.exe
2424	Unicorn-54012.exe
2356	Unicorn-35480.exe
1680	Unicorn-17765.exe
3244	Unicorn-45376.exe
4712	Unicorn-4033.exe
2536	Unicorn-32107.exe
4364	Unicorn-51973.exe
3044	Unicorn-30383.exe
4492	Unicorn-48060.exe
4768	Unicorn-21221.exe
1016	Unicorn-39899.exe
4600	Unicorn-26709.exe
3972	Unicorn-9723.exe
1720	Unicorn-11908.exe
4428	Unicorn-24523.exe
3176	Unicorn-12593.exe
5032	Unicorn-18738.exe
2320	Unicorn-11140.exe
2008	Unicorn-27669.exe
808	Unicorn-28089.exe
4740	Unicorn-28354.exe
4576	Unicorn-50828.exe
4988	Unicorn-62837.exe
2368	Unicorn-10756.exe
3268	Unicorn-8383.exe
3144	Unicorn-56428.exe
2448	Unicorn-26059.exe
5108	Unicorn-63522.exe
5048	Unicorn-24527.exe
428	Unicorn-43656.exe
3800	Unicorn-30658.exe
1116	Unicorn-13828.exe
384	Unicorn-14897.exe
4244	Unicorn-1960.exe
212	Unicorn-29900.exe
1420	Unicorn-52121.exe
1684	Unicorn-5764.exe
2328	Unicorn-38245.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
6300	5424	WerFault.exe	203
9096	2080	WerFault.exe	154
12228	6004	WerFault.exe	237
264	6016	WerFault.exe	238
18404	15440	WerFault.exe	760
3556	15580	WerFault.exe	773

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	2084	dwm.exe
Token: SeChangeNotifyPrivilege	2084	dwm.exe
Token: 33	2084	dwm.exe
Token: SeIncBasePriorityPrivilege	2084	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4824	668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1_NeikiAnalytics.exe
4064	Unicorn-19266.exe
940	Unicorn-48578.exe
3280	Unicorn-12184.exe
4876	Unicorn-47717.exe
4080	Unicorn-58800.exe
3756	Unicorn-61593.exe
1088	Unicorn-64930.exe
2672	Unicorn-51490.exe
2360	Unicorn-14027.exe
3636	Unicorn-21314.exe
1632	Unicorn-50841.exe
2340	Unicorn-1028.exe
4548	Unicorn-50457.exe
2552	Unicorn-64192.exe
3172	Unicorn-63913.exe
1264	Unicorn-561.exe
2192	Unicorn-19419.exe
2824	Unicorn-7105.exe
2944	Unicorn-65251.exe
2424	Unicorn-54012.exe
1472	Unicorn-54661.exe
2884	Unicorn-54661.exe
4012	Unicorn-15474.exe
2112	Unicorn-46416.exe
2356	Unicorn-35480.exe
4500	Unicorn-52009.exe
1508	Unicorn-6337.exe
1156	Unicorn-39202.exe
1680	Unicorn-17765.exe
3244	Unicorn-45376.exe
4712	Unicorn-4033.exe
2536	Unicorn-32107.exe
4364	Unicorn-51973.exe
3044	Unicorn-30383.exe
4492	Unicorn-48060.exe
4768	Unicorn-21221.exe
1016	Unicorn-39899.exe
4600	Unicorn-26709.exe
3972	Unicorn-9723.exe
1720	Unicorn-11908.exe
4428	Unicorn-24523.exe
3176	Unicorn-12593.exe
5032	Unicorn-18738.exe
2320	Unicorn-11140.exe
2008	Unicorn-27669.exe
4576	Unicorn-50828.exe
808	Unicorn-28089.exe
4740	Unicorn-28354.exe
4988	Unicorn-62837.exe
2368	Unicorn-10756.exe
5108	Unicorn-63522.exe
3268	Unicorn-8383.exe
428	Unicorn-43656.exe
5048	Unicorn-24527.exe
2448	Unicorn-26059.exe
3800	Unicorn-30658.exe
3144	Unicorn-56428.exe
1116	Unicorn-13828.exe
4244	Unicorn-1960.exe
384	Unicorn-14897.exe
212	Unicorn-29900.exe
1420	Unicorn-52121.exe
2328	Unicorn-38245.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 4064	4824	668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1_NeikiAnalytics.exe	84
PID 4824 wrote to memory of 4064	4824	668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1_NeikiAnalytics.exe	84
PID 4824 wrote to memory of 4064	4824	668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1_NeikiAnalytics.exe	84
PID 4064 wrote to memory of 940	4064	Unicorn-19266.exe	87
PID 4064 wrote to memory of 940	4064	Unicorn-19266.exe	87
PID 4064 wrote to memory of 940	4064	Unicorn-19266.exe	87
PID 4824 wrote to memory of 3280	4824	668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1_NeikiAnalytics.exe	88
PID 4824 wrote to memory of 3280	4824	668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1_NeikiAnalytics.exe	88
PID 4824 wrote to memory of 3280	4824	668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1_NeikiAnalytics.exe	88
PID 940 wrote to memory of 4876	940	Unicorn-48578.exe	91
PID 940 wrote to memory of 4876	940	Unicorn-48578.exe	91
PID 940 wrote to memory of 4876	940	Unicorn-48578.exe	91
PID 4064 wrote to memory of 3756	4064	Unicorn-19266.exe	92
PID 4064 wrote to memory of 3756	4064	Unicorn-19266.exe	92
PID 4064 wrote to memory of 3756	4064	Unicorn-19266.exe	92
PID 3280 wrote to memory of 1088	3280	Unicorn-12184.exe	94
PID 3280 wrote to memory of 1088	3280	Unicorn-12184.exe	94
PID 3280 wrote to memory of 1088	3280	Unicorn-12184.exe	94
PID 4824 wrote to memory of 4080	4824	668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1_NeikiAnalytics.exe	93
PID 4824 wrote to memory of 4080	4824	668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1_NeikiAnalytics.exe	93
PID 4824 wrote to memory of 4080	4824	668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1_NeikiAnalytics.exe	93
PID 4876 wrote to memory of 2672	4876	Unicorn-47717.exe	95
PID 4876 wrote to memory of 2672	4876	Unicorn-47717.exe	95
PID 4876 wrote to memory of 2672	4876	Unicorn-47717.exe	95
PID 940 wrote to memory of 2360	940	Unicorn-48578.exe	96
PID 940 wrote to memory of 2360	940	Unicorn-48578.exe	96
PID 940 wrote to memory of 2360	940	Unicorn-48578.exe	96
PID 4080 wrote to memory of 2340	4080	Unicorn-58800.exe	97
PID 4080 wrote to memory of 2340	4080	Unicorn-58800.exe	97
PID 4080 wrote to memory of 2340	4080	Unicorn-58800.exe	97
PID 4824 wrote to memory of 1632	4824	668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1_NeikiAnalytics.exe	98
PID 4824 wrote to memory of 1632	4824	668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1_NeikiAnalytics.exe	98
PID 4824 wrote to memory of 1632	4824	668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1_NeikiAnalytics.exe	98
PID 3756 wrote to memory of 3636	3756	Unicorn-61593.exe	99
PID 3756 wrote to memory of 3636	3756	Unicorn-61593.exe	99
PID 3756 wrote to memory of 3636	3756	Unicorn-61593.exe	99
PID 3280 wrote to memory of 4548	3280	Unicorn-12184.exe	100
PID 3280 wrote to memory of 4548	3280	Unicorn-12184.exe	100
PID 3280 wrote to memory of 4548	3280	Unicorn-12184.exe	100
PID 4064 wrote to memory of 2552	4064	Unicorn-19266.exe	101
PID 4064 wrote to memory of 2552	4064	Unicorn-19266.exe	101
PID 4064 wrote to memory of 2552	4064	Unicorn-19266.exe	101
PID 1088 wrote to memory of 3172	1088	Unicorn-64930.exe	102
PID 1088 wrote to memory of 3172	1088	Unicorn-64930.exe	102
PID 1088 wrote to memory of 3172	1088	Unicorn-64930.exe	102
PID 2672 wrote to memory of 1264	2672	Unicorn-51490.exe	103
PID 2672 wrote to memory of 1264	2672	Unicorn-51490.exe	103
PID 2672 wrote to memory of 1264	2672	Unicorn-51490.exe	103
PID 4876 wrote to memory of 2192	4876	Unicorn-47717.exe	104
PID 4876 wrote to memory of 2192	4876	Unicorn-47717.exe	104
PID 4876 wrote to memory of 2192	4876	Unicorn-47717.exe	104
PID 2360 wrote to memory of 2824	2360	Unicorn-14027.exe	105
PID 2360 wrote to memory of 2824	2360	Unicorn-14027.exe	105
PID 2360 wrote to memory of 2824	2360	Unicorn-14027.exe	105
PID 940 wrote to memory of 2944	940	Unicorn-48578.exe	106
PID 940 wrote to memory of 2944	940	Unicorn-48578.exe	106
PID 940 wrote to memory of 2944	940	Unicorn-48578.exe	106
PID 3636 wrote to memory of 2884	3636	Unicorn-21314.exe	107
PID 3636 wrote to memory of 2884	3636	Unicorn-21314.exe	107
PID 3636 wrote to memory of 2884	3636	Unicorn-21314.exe	107
PID 1632 wrote to memory of 1472	1632	Unicorn-50841.exe	108
PID 1632 wrote to memory of 1472	1632	Unicorn-50841.exe	108
PID 1632 wrote to memory of 1472	1632	Unicorn-50841.exe	108
PID 2552 wrote to memory of 1508	2552	Unicorn-64192.exe	111

C:\Users\Admin\AppData\Local\Temp\668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\668888c5c70f91965fdb9ed3b46c9ff07886165277244bc01b6f77dad62f42a1_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19266.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19266.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48578.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51490.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-561.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
        8⤵
        Executes dropped EXE
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
        9⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        10⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        11⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        11⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52814.exe
        11⤵
        
        PID:17580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38840.exe
        10⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
        10⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        10⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8331.exe
        9⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31065.exe
        9⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        9⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        9⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50217.exe
        8⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26594.exe
        9⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        9⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        9⤵
        
        PID:16452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52836.exe
        9⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40064.exe
        8⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        8⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7266.exe
        8⤵
        
        PID:17312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52121.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60082.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52418.exe
        9⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
        10⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        10⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
        10⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
        9⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43680.exe
        9⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
        8⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        9⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38811.exe
        9⤵
        
        PID:17468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        8⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        8⤵
        
        PID:16048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
        7⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4068.exe
        8⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29323.exe
        8⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19087.exe
        8⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
        8⤵
        
        PID:17048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37548.exe
        7⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40280.exe
        7⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13556.exe
        7⤵
        
        PID:15936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60082.exe
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26658.exe
        9⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
        10⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        10⤵
        
        PID:17228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        10⤵
        
        PID:18128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
        9⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        9⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33779.exe
        9⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58217.exe
        8⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26738.exe
        9⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        9⤵
        
        PID:16412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3421.exe
        9⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28175.exe
        8⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
        8⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        8⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41835.exe
        7⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51541.exe
        8⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        9⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        9⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        8⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        8⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61.exe
        8⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
        7⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        7⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
        7⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
        7⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        6⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24171.exe
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        8⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52814.exe
        9⤵
        
        PID:17520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
        8⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        8⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        8⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27074.exe
        7⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14479.exe
        7⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38832.exe
        7⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        7⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        7⤵
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        7⤵
        
        PID:16844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
        6⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
        6⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
        6⤵
        
        PID:15692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51973.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
        7⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        9⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 624
        9⤵
        Program crash
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 636
        8⤵
        Program crash
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50217.exe
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        8⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        8⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        8⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26007.exe
        8⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        7⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
        7⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48880.exe
        7⤵
        
        PID:16820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        7⤵
        
        PID:18340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
        6⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54789.exe
        7⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
        8⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
        8⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        8⤵
        
        PID:16240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24604.exe
        8⤵
        
        PID:18176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
        8⤵
        
        PID:17484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
        7⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        7⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48521.exe
        7⤵
        
        PID:15600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33298.exe
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        7⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5352.exe
        7⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        7⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
        6⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36325.exe
        6⤵
        
        PID:17500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30383.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55458.exe
        6⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59397.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        8⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
        9⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57900.exe
        9⤵
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        9⤵
        
        PID:17964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        8⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
        8⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
        7⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        7⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        7⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        7⤵
        
        PID:18112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        6⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        7⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        7⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        7⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        6⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
        6⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        5⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        7⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1844.exe
        8⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57902.exe
        8⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 608
        7⤵
        Program crash
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30079.exe
        6⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59721.exe
        6⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39856.exe
        6⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        6⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        7⤵
        
        PID:16836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        7⤵
        
        PID:17504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        6⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        6⤵
        
        PID:16724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5967.exe
        6⤵
        
        PID:17808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
        5⤵
        
        PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
        5⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        5⤵
        
        PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14027.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21221.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5681.exe
        7⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62796.exe
        8⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        9⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59616.exe
        9⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        9⤵
        
        PID:17284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36325.exe
        9⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9394.exe
        8⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24620.exe
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        8⤵
        
        PID:16064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
        7⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        8⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
        9⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        8⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        8⤵
        
        PID:16248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
        8⤵
        
        PID:18428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        7⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35941.exe
        7⤵
        
        PID:17884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        6⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46460.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        8⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
        8⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50206.exe
        8⤵
        
        PID:16800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        7⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
        7⤵
        
        PID:18256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
        7⤵
        
        PID:17984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
        7⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27522.exe
        6⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47772.exe
        7⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
        7⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
        7⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        6⤵
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        6⤵
        
        PID:13416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48504.exe
        6⤵
        
        PID:17364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39899.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        6⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
        7⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        8⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        8⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        8⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe
        8⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24408.exe
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64226.exe
        8⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60649.exe
        8⤵
        
        PID:17572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        8⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13679.exe
        7⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7000.exe
        7⤵
        
        PID:16404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
        6⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
        7⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        7⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51763.exe
        7⤵
        
        PID:16648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        7⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-671.exe
        6⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46073.exe
        6⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-271.exe
        6⤵
        
        PID:17392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18383.exe
        5⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
        6⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        7⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        7⤵
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        6⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        6⤵
        
        PID:17848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
        6⤵
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23705.exe
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe
        6⤵
        
        PID:12576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        6⤵
        
        PID:16748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
        5⤵
        
        PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56908.exe
        5⤵
        
        PID:14400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        5⤵
        
        PID:16660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26709.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        6⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        8⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        9⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        9⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36587.exe
        9⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        8⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        8⤵
        
        PID:15828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
        8⤵
        
        PID:17900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42472.exe
        7⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        7⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4495.exe
        7⤵
        
        PID:17792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
        7⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        7⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        6⤵
        
        PID:11204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5736.exe
        6⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36744.exe
        5⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44725.exe
        7⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19842.exe
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        7⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19087.exe
        7⤵
        
        PID:14772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
        6⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        6⤵
        
        PID:11676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37369.exe
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64284.exe
        6⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        6⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26799.exe
        6⤵
        
        PID:17956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        6⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45545.exe
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        5⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        5⤵
        
        PID:17204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        5⤵
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
        6⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42472.exe
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        6⤵
        
        PID:13108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4495.exe
        6⤵
        
        PID:17800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43632.exe
        6⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        5⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12068.exe
        6⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
        6⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
        6⤵
        
        PID:17104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        6⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
        5⤵
        
        PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1880.exe
        5⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49747.exe
        5⤵
        
        PID:17496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21141.exe
        5⤵
        
        PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62755.exe
      4⤵
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34821.exe
        6⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8628.exe
        7⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
        7⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
        7⤵
        
        PID:17740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
        7⤵
        
        PID:18172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        6⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        6⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        6⤵
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
        5⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8975.exe
        6⤵
        
        PID:18364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        5⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14479.exe
        5⤵
        
        PID:15788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
        5⤵
        
        PID:17152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
      4⤵
      PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        5⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8671.exe
        5⤵
        
        PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37369.exe
        5⤵
        
        PID:15384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34554.exe
        5⤵
        
        PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33554.exe
      4⤵
      PID:7884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
      4⤵
      PID:11724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
      4⤵
      PID:15416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8452.exe
        7⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        8⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        9⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        9⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        9⤵
        
        PID:15732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
        9⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
        8⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
        8⤵
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36207.exe
        8⤵
        
        PID:17592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
        8⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
        7⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        8⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        8⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        8⤵
        
        PID:18136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51083.exe
        8⤵
        
        PID:17440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        7⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5736.exe
        7⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        7⤵
        
        PID:18260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        6⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19749.exe
        8⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22130.exe
        9⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
        9⤵
        
        PID:17720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
        8⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        8⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
        7⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18754.exe
        7⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        7⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
        7⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49635.exe
        6⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61733.exe
        7⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55415.exe
        7⤵
        
        PID:18328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18258.exe
        6⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51177.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        6⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57077.exe
        6⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        8⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        8⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51132.exe
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57740.exe
        7⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
        7⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
        7⤵
        
        PID:17328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        6⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        7⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61868.exe
        7⤵
        
        PID:17260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        7⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37241.exe
        6⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24818.exe
        5⤵
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32034.exe
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6625.exe
        7⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24075.exe
        7⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        7⤵
        
        PID:18096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44171.exe
        7⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40208.exe
        6⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8168.exe
        6⤵
        
        PID:17376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16408.exe
        5⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
        6⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        6⤵
        
        PID:17976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33670.exe
        6⤵
        
        PID:17652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4306.exe
        5⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35190.exe
        5⤵
        
        PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52009.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10756.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
        6⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4068.exe
        7⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62290.exe
        8⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
        8⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
        8⤵
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30392.exe
        7⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
        7⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
        7⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
        6⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        6⤵
        
        PID:12300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        6⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        6⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47596.exe
        5⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
        6⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34418.exe
        7⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
        7⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8237.exe
        7⤵
        
        PID:16760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        6⤵
        
        PID:11708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        6⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        6⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35824.exe
        5⤵
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62073.exe
        5⤵
        
        PID:8576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
        5⤵
        
        PID:13304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56268.exe
        5⤵
        
        PID:17236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8383.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47420.exe
        5⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21122.exe
        7⤵
        
        PID:18196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
        7⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24431.exe
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        6⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
        6⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53120.exe
        5⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
        6⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        5⤵
        
        PID:11692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
        5⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        5⤵
        
        PID:17092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2728.exe
      4⤵
      PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31650.exe
        5⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        6⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        6⤵
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        6⤵
        
        PID:18084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        5⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62704.exe
        5⤵
        
        PID:13668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58412.exe
        5⤵
        
        PID:17512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
        5⤵
        
        PID:6408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41184.exe
      4⤵
      PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        5⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
        5⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23034.exe
        5⤵
        
        PID:16988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64844.exe
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
      4⤵
      PID:13736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27878.exe
      4⤵
      PID:18208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6337.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11140.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        6⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        8⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        8⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        8⤵
        
        PID:16296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
        8⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        7⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
        7⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        7⤵
        
        PID:17164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6205.exe
        7⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
        6⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6241.exe
        7⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        7⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        7⤵
        
        PID:18112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        7⤵
        
        PID:17032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3183.exe
        6⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43091.exe
        6⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
        5⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46425.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8237.exe
        7⤵
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe
        6⤵
        
        PID:14956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9119.exe
        6⤵
        
        PID:17764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        6⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
        6⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33784.exe
        6⤵
        
        PID:14028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        6⤵
        
        PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18258.exe
        5⤵
        
        PID:10504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51177.exe
        5⤵
        
        PID:612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2034.exe
        5⤵
        
        PID:17552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56428.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        5⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37426.exe
        6⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24517.exe
        7⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
        7⤵
        
        PID:16960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        6⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50883.exe
        6⤵
        
        PID:14996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
        6⤵
        
        PID:1232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        6⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17563.exe
        5⤵
        
        PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        5⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        5⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32150.exe
        5⤵
        
        PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17522.exe
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        5⤵
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38840.exe
        5⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11090.exe
        5⤵
        
        PID:14012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        5⤵
        
        PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
      4⤵
      PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5345.exe
        5⤵
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
        5⤵
        
        PID:17452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
      4⤵
      PID:10304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
      4⤵
      PID:14512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52903.exe
      4⤵
      PID:18408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54012.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12593.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8753.exe
        5⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-980.exe
        6⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
        7⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57900.exe
        7⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        7⤵
        
        PID:17992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        7⤵
        
        PID:16668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24408.exe
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13679.exe
        6⤵
        
        PID:12780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
        6⤵
        
        PID:16792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        6⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
        5⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        6⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
        6⤵
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
        6⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
        5⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
        6⤵
        
        PID:16768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24620.exe
        5⤵
        
        PID:11304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14479.exe
        5⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        5⤵
        
        PID:17564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10699.exe
      4⤵
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
        5⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
        6⤵
        
        PID:10604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        6⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
        6⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22888.exe
        5⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        5⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21958.exe
        5⤵
        
        PID:17524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
      4⤵
      PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        5⤵
        
        PID:17488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe
        5⤵
        
        PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
      4⤵
      PID:10668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48083.exe
      4⤵
      PID:14712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29797.exe
      4⤵
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        6⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        7⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        7⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17942.exe
        7⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        6⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        6⤵
        
        PID:15948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
        6⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        5⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        5⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
        5⤵
        
        PID:17288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58478.exe
        5⤵
        
        PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
      4⤵
      PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10977.exe
        5⤵
        
        PID:12852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        5⤵
        
        PID:15712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
      4⤵
      PID:11220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5736.exe
      4⤵
      PID:14428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
      4⤵
      PID:17064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23464.exe
    3⤵
    PID:1768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        5⤵
        
        PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        5⤵
        
        PID:13780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        5⤵
        
        PID:18104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
      4⤵
      PID:8604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16571.exe
      4⤵
      PID:14420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
      4⤵
      PID:17032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
      4⤵
      PID:16952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
    3⤵
    PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
      4⤵
      PID:10708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
      4⤵
      PID:15464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
      4⤵
      PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60378.exe
    3⤵
    PID:10116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
    3⤵
    PID:14344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
    3⤵
    PID:3108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
    3⤵
    PID:6576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12184.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12184.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19749.exe
        8⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64226.exe
        9⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49881.exe
        9⤵
        
        PID:18184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        9⤵
        
        PID:17152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59616.exe
        8⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
        8⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18994.exe
        7⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        7⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11106.exe
        7⤵
        
        PID:15908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        7⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        7⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8545.exe
        8⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62425.exe
        8⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        8⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        7⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        7⤵
        
        PID:15480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        7⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14303.exe
        6⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62028.exe
        6⤵
        
        PID:15996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        6⤵
        
        PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1960.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1924.exe
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33653.exe
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18706.exe
        8⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16581.exe
        9⤵
        
        PID:17032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        9⤵
        
        PID:17024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        8⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        8⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        7⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
        7⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        7⤵
        
        PID:17144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        6⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63269.exe
        7⤵
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
        7⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        6⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        6⤵
        
        PID:17824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        6⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41565.exe
        7⤵
        
        PID:18072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53488.exe
        6⤵
        
        PID:14840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
        6⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        6⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
        5⤵
        
        PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
        5⤵
        
        PID:11668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        5⤵
        
        PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45376.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13828.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        6⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34821.exe
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
        8⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1963.exe
        8⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
        8⤵
        
        PID:17664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        7⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        7⤵
        
        PID:15560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5437.exe
        7⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16027.exe
        6⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        6⤵
        
        PID:16032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        6⤵
        
        PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39448.exe
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22050.exe
        6⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        7⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
        7⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        6⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
        6⤵
        
        PID:13712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        5⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        6⤵
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26440.exe
        6⤵
        
        PID:17336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
        5⤵
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        5⤵
        
        PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2609.exe
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exe
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4481.exe
        7⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
        8⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
        8⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        7⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        7⤵
        
        PID:15516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        7⤵
        
        PID:17468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
        6⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
        6⤵
        
        PID:12516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        6⤵
        
        PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        6⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35595.exe
        6⤵
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        6⤵
        
        PID:17984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        6⤵
        
        PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        5⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        5⤵
        
        PID:17836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14722.exe
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
        5⤵
        
        PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14146.exe
        5⤵
        
        PID:11716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        5⤵
        
        PID:15568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
        5⤵
        
        PID:17508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exe
      4⤵
      PID:7868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
      4⤵
      PID:11752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39498.exe
      4⤵
      PID:15508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50457.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30658.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
        6⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39429.exe
        7⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
        8⤵
        
        PID:18308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
        8⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        7⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
        7⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        7⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
        6⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56594.exe
        7⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57900.exe
        7⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        7⤵
        
        PID:17944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61123.exe
        6⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
        6⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        6⤵
        
        PID:18060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47980.exe
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
        6⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        7⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        7⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        7⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42104.exe
        6⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62704.exe
        6⤵
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58412.exe
        6⤵
        
        PID:17480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48592.exe
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        6⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        6⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56508.exe
        6⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        6⤵
        
        PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
        5⤵
        
        PID:10296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
        5⤵
        
        PID:14528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
        5⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-788.exe
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35509.exe
        7⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        7⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        7⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
        7⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2120.exe
        6⤵
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        6⤵
        
        PID:12760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        6⤵
        
        PID:17132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        5⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
        6⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4946.exe
        6⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        6⤵
        
        PID:17872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        6⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        5⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        5⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
        5⤵
        
        PID:17060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11746.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12129.exe
        6⤵
        
        PID:12584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62636.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44283.exe
        6⤵
        
        PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        5⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        5⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
        5⤵
        
        PID:18148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        5⤵
        
        PID:18412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
      4⤵
      PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
      4⤵
      PID:11332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
      4⤵
      PID:15684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        5⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        7⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        7⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        7⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5437.exe
        7⤵
        
        PID:17304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
        6⤵
        
        PID:13184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4495.exe
        6⤵
        
        PID:17768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31608.exe
        6⤵
        
        PID:17940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        6⤵
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        6⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        6⤵
        
        PID:18392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19711.exe
        5⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        5⤵
        
        PID:12248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
        5⤵
        
        PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
      4⤵
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
        5⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        6⤵
        
        PID:10632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        6⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        5⤵
        
        PID:9456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62704.exe
        5⤵
        
        PID:13692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
        5⤵
        
        PID:18036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63859.exe
      4⤵
      PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24818.exe
        5⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        5⤵
        
        PID:17832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34554.exe
        5⤵
        
        PID:17768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49993.exe
      4⤵
      PID:10388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
      4⤵
      PID:14480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28089.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
      4⤵
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42142.exe
        6⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4907.exe
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51756.exe
        5⤵
        
        PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
      4⤵
      PID:8128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
      4⤵
      PID:11348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
      4⤵
      PID:15440
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15440 -s 436
        5⤵
        Program crash
        
        PID:18404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7741.exe
      4⤵
      PID:17060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58915.exe
    3⤵
    PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
      4⤵
      PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
        5⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        5⤵
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
        5⤵
        
        PID:15940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9131.exe
      4⤵
      PID:9388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe
      4⤵
      PID:13456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
      4⤵
      PID:17276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
      4⤵
      PID:2792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
    3⤵
    PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
      4⤵
      PID:13728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38811.exe
      4⤵
      PID:17504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
      4⤵
      PID:224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
    3⤵
    PID:10096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4503.exe
    3⤵
    PID:14352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1028.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55458.exe
        5⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15140.exe
        7⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        7⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        7⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        7⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        6⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10607.exe
        6⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        6⤵
        
        PID:17384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
        6⤵
        
        PID:16660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
        6⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        6⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        6⤵
        
        PID:17420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        6⤵
        
        PID:16844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        5⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
        5⤵
        
        PID:17124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
        5⤵
        
        PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65088.exe
      4⤵
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        5⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        6⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        7⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        7⤵
        
        PID:14388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        6⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        6⤵
        
        PID:15804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        6⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24875.exe
        5⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        5⤵
        
        PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10655.exe
        5⤵
        
        PID:17864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39164.exe
      4⤵
      PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        5⤵
        
        PID:13056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59180.exe
        5⤵
        
        PID:17112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10541.exe
        5⤵
        
        PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
      4⤵
      PID:10344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
      4⤵
      PID:14268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51943.exe
      4⤵
      PID:16276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20290.exe
        5⤵
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42754.exe
        7⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
        7⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-813.exe
        7⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        6⤵
        
        PID:10716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        6⤵
        
        PID:14724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
        6⤵
        
        PID:17828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16027.exe
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        5⤵
        
        PID:11420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        5⤵
        
        PID:15456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7741.exe
        5⤵
        
        PID:13328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21467.exe
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        6⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
        6⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
        6⤵
        
        PID:17700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        6⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        6⤵
        
        PID:18396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        5⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
        5⤵
        
        PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29762.exe
      4⤵
      PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1220.exe
        5⤵
        
        PID:18080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37739.exe
        5⤵
        
        PID:17480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
      4⤵
      PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
      4⤵
      PID:17360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
      4⤵
      PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
        5⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18373.exe
        6⤵
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
        6⤵
        
        PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        5⤵
        
        PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
        5⤵
        
        PID:17600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
      4⤵
      PID:7036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
      4⤵
      PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
      4⤵
      PID:16040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57856.exe
      4⤵
      PID:2624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
    3⤵
    PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
      4⤵
      PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61586.exe
        5⤵
        
        PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
        5⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39008.exe
        5⤵
        
        PID:17604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51040.exe
      4⤵
      PID:8860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exe
      4⤵
      PID:14184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
      4⤵
      PID:5692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
    3⤵
    PID:7028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
    3⤵
    PID:8024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
    3⤵
    PID:10420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46711.exe
    3⤵
    PID:6012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46608.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46608.exe
    3⤵
    PID:16640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62837.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-772.exe
        5⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        6⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5208.exe
        6⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        6⤵
        
        PID:14708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58240.exe
        6⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
        6⤵
        
        PID:12632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
        6⤵
        
        PID:16776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32783.exe
        5⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        5⤵
        
        PID:14000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
        5⤵
        
        PID:18124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43933.exe
        5⤵
        
        PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47980.exe
      4⤵
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        6⤵
        
        PID:15580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15580 -s 460
        7⤵
        Program crash
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
        6⤵
        
        PID:17676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
        5⤵
        
        PID:10408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43680.exe
        5⤵
        
        PID:14572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56992.exe
        5⤵
        
        PID:16800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30831.exe
      4⤵
      PID:8152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
      4⤵
      PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
      4⤵
      PID:15524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
      4⤵
      PID:6120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
      4⤵
      PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34821.exe
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
        6⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
        6⤵
        
        PID:16864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37355.exe
        6⤵
        
        PID:18252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        5⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        5⤵
        
        PID:580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
      4⤵
      PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
      4⤵
      PID:12292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
      4⤵
      PID:16020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55168.exe
      4⤵
      PID:17384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
    3⤵
    PID:5424
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 632
      4⤵
      Program crash
      PID:6300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
    3⤵
    PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
      4⤵
      PID:12420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62937.exe
      4⤵
      PID:17212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
      4⤵
      PID:17052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-82.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-82.exe
    3⤵
    PID:9520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
    3⤵
    PID:13468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
    3⤵
    PID:16156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32101.exe
      4⤵
      PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33653.exe
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        6⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        6⤵
        
        PID:15780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
        6⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51321.exe
        5⤵
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        5⤵
        
        PID:12796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        5⤵
        
        PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33786.exe
        5⤵
        
        PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
      4⤵
      PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44946.exe
        5⤵
        
        PID:17636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        5⤵
        
        PID:18256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
      4⤵
      PID:11212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4667.exe
      4⤵
      PID:14580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
      4⤵
      PID:7976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45676.exe
    3⤵
    PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
      4⤵
      PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        5⤵
        
        PID:11764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        5⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        5⤵
        
        PID:17564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
      4⤵
      PID:9124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
      4⤵
      PID:11636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
      4⤵
      PID:17320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
      4⤵
      PID:9096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
    3⤵
    PID:6996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
    3⤵
    PID:9196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
    3⤵
    PID:13640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
    3⤵
    PID:18024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50828.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50828.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49314.exe
    3⤵
    PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7140.exe
      4⤵
      PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
        5⤵
        
        PID:1300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
      4⤵
      PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61168.exe
      4⤵
      PID:13868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
      4⤵
      PID:17420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
    3⤵
    PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
      4⤵
      PID:12808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe
      4⤵
      PID:16416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20141.exe
      4⤵
      PID:5704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
    3⤵
    PID:10648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
    3⤵
    PID:14756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
  2⤵
  PID:1372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
    3⤵
    PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56594.exe
      4⤵
      PID:10124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57900.exe
      4⤵
      PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
      4⤵
      PID:17936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
      4⤵
      PID:1468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
    3⤵
    PID:11236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
    3⤵
    PID:15860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9807.exe
    3⤵
    PID:1708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
  2⤵
  PID:6972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
    3⤵
    PID:11496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3544.exe
    3⤵
    PID:15756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11693.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11693.exe
    3⤵
    PID:7404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
  2⤵
  PID:10204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51307.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51307.exe
  2⤵
  PID:14392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21713.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21713.exe
  2⤵
  PID:17040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37929.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37929.exe
  2⤵
  PID:17448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5424 -ip 5424
1⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2080 -ip 2080
1⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6004 -ip 6004
1⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6016 -ip 6016
1⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 16272 -ip 16272
1⤵
PID:18376

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1028.exe

Filesize
468KB

MD5
511967875edaaa3cc2a4fabfdf3271cc

SHA1
36cf3afee55a3a70e0f18c2add5be232f3c805c7

SHA256
23af4a6468733cc5d568838c276ac4b9c6e97c1a8d4a7e40ccc5df607a5e174c

SHA512
69a6e013a2bcb092b100c9d1be799b140b26188e9578dbce6963ffbcaf3864db5760238fa0d09f4ef33faa3cfa613c37be4dc749c26042d47cb583a8a923dc5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12184.exe

Filesize
468KB

MD5
0cef58f792ab3dd8d8295cf05a124a34

SHA1
065037b8f7bf436fa73e7942a8b59f0c1f160531

SHA256
db1a8451bf7297b5896d9672f33ca71cda91d85c59dc72821d1a3b3c20a82b3a

SHA512
c01ee3c6488918fbe8c3b9b8ccf12a9a67cff2529f2aafd3a19f5989650f719d2072692452b7c8d762204b4d0b8d55962a03a01c4f640e908901077537c520cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14027.exe

Filesize
468KB

MD5
4a78ac3ad8b9419096f2758c34100363

SHA1
466a650b4f3b8f351a5348c3aac2a4708dff3ecb

SHA256
20930a5bafa0cb615be6ea4adb1500b5ee8eec801cef99f20304fbd545683373

SHA512
341bd6f9f82250061fe761f336b349328a5a53085d1d1636f429ff8c095df84a371af4cbe1e41d8f94010c6bae9f5aa1d0ae42f15a8cabfa619644eea1802859

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe

Filesize
468KB

MD5
a8d2f5cd92c982169d378cf48d199ed2

SHA1
924a5d1664a8ec71e622284dbad93160f3e16626

SHA256
eff9cd98ba8e3983b94c38c2ed14faad025324d43eb4788113cec8802d750221

SHA512
3f2f484bb469fa1f8e96207fa72b30e98573f8d8cdda6716f3b806d20d416816bdb6c612007586a9b08a8b483c637295e17735c8407f7d16aa99249378e37dcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe

Filesize
468KB

MD5
59cb3439c416ec62cf356ace948682e3

SHA1
4c88cd4e48802288fbef1c4da31300900b621f96

SHA256
046284c607ccabf470d870ab954383c7b0edbaf30057ca564c2b26279bfe5dfd

SHA512
f0bfe017a1e1136dad756292d9d26f969fe6e7cb938aef705e30e1bb149438ca1d647febe0565f7b69e655982c852d088c0a9f9e50e5f3076b93e8c30ff2fbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe

Filesize
468KB

MD5
3abcd6f2a2f4ada46d58128a5341ea08

SHA1
4a91de19475e0774c8a851bb1ebe75869ae025db

SHA256
f75683e8ace625db2ece951401cbaaa74b946dc3fcd9490c6c1b9114475913fc

SHA512
c9c26fc1dd4eca72828a83832722c42cd937f3d0143ef98e70e14b9dd16387c4f9654eedccafb3739b20d635c6c3861dabbc5ff0593bf973f232980ba1740d9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19266.exe

Filesize
468KB

MD5
3ad62a70a434cab259b1856c7b534d0b

SHA1
002ea269be319d2b2d68c97f78b662e33f2aa251

SHA256
1093560bb4043fcdfbe1c9664c0b191773363cedac01ec042976be14f86001f3

SHA512
481ba342e82f1c8d73bb8e15472ae1a2690f3b5d1dbffe0551a27bc947fe74550c13ea60cb3cba6136569cca4b4cacfe6adfe8ed66e7fdae6bcc208efad6cd7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe

Filesize
468KB

MD5
da0aad2da4d8fdf69b1d86d6b8a3458d

SHA1
eb38f0c123411c1bcdaed75b928d6ab6dc0c7bc2

SHA256
6fd63e6175f94bb720c059dd9c1411da6862d1c7872fd46e3944d34a4e3dfbc7

SHA512
be35bd04e0ab8736ed42c12d2c7472ad32a861a41e4f119aafd94e23d3040acccf87ae45b77d66f6ca043606585eb092e539610c20ec7316f3334bf677ee2a05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe

Filesize
468KB

MD5
1bdb52b01efc0387fb13e3695aa1664e

SHA1
301c49526b0a28b43dd41fe296f46b021be0a909

SHA256
1c455f0069cd394e6812390a8f98e6b474f441fa26b8273719e924e6acad8cb7

SHA512
517e03d192eaf8b1ecbb93c895aa96447b7e06eeec0ceadc9382eca49871845e25434006771f0ec8b9cbad86c219e3ceb5a177c391a34a4e25750033b26fa0b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe

Filesize
468KB

MD5
2d83f6adb8ebec32ba788d0885e72f54

SHA1
a4faa95b2a4b25aeea435b30bad37f5b27f0451c

SHA256
0db023826015867dadb2601803eeb38f2b61a93f61f850e50da9ac791f38b79b

SHA512
c608396abde6035bf3f9ce57f905088f147d615a0acba7e9378ae328eb5d1285eda3b2e77f4d4b18ba9431052c139f99dfd26e68a47bce1cddc72c8c5cd4f33b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe

Filesize
468KB

MD5
d54a90a8b530c96cff9d25cf9e79bc51

SHA1
fa842676ecea31dadf76bdf42996846c4c5be5bc

SHA256
e99bcc29767e0603ef5b7c21943a2db708dde495053473f7b87c4114b0a3f8ea

SHA512
863b155a1859c5923f649a126b66914f7b08361d42162fa8a8628a15bf1a755bdbb7fba55179795ac9604b1b6868485519a766511793e8fee910067cc6899f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe

Filesize
468KB

MD5
f49ce374b5bff5dc20e881e2726cf71d

SHA1
b6dc9c09b7b3e7cf58129125b237bf73dbb69309

SHA256
bdec3f8229f4d4ade0399dbfa8467bf60d57322379f4f4c93fa3db9a9301be84

SHA512
8f05634d4ef36b005339b1cd31c8ea7f401cd24a22c3ec5896e8183cbd117bd095b3f1f98a9987a89e74dc84338b9afe4fcbff2abc07c18c72a9d344a56c06a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe

Filesize
468KB

MD5
85ed6cc41b8b515c70a52a0c94335fb3

SHA1
d6a3c013c673d4c08203f87dd5d61608fe8e94d1

SHA256
0e00b25547fb7080f14593feb325bb6e1794f06ab2b565dc78a863471069c001

SHA512
33a810fb7e54b3ad98021e596554f5474d4757cf382baabc2538ef51259d136ff6ea1879b6a86e6d4f46634623fadacec778a030cd504ed0f0faa8efb70e40d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45376.exe

Filesize
468KB

MD5
b0ec0f81cfa2e794b94137584e273016

SHA1
2160c6a5a1506cae1e21613e11b45e1cccbd42cf

SHA256
26018ea5c97dd363915b5884a568478e04cdb81bd1a0572501cbaaa69a54052a

SHA512
a8791dc0d42a5a689945e8a1b5cfdd73c7d6a211fdd5d6a45748c11228355c1a87b540b7a45dd13879b64a2739e623a7dea9dc43a42061e7c7004177b511c51b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe

Filesize
468KB

MD5
da17faf710c32133fc785308f08a0c6a

SHA1
8ab2f7f5868836a57afd9120c8cc1438c4546539

SHA256
4dcce2a61ccbda32e17a39db85a73f16105361f093d1f7e6575c0c56379044b2

SHA512
565c0b402e79dbf6040dda1a9342ed0c91a3d5ffa59ff1a23462e2bd608069a8b3ced8b24b01a84e8112f2f3e88a7cae99092613d0566dce4d86f4e3f10fae00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe

Filesize
468KB

MD5
85bad201a0e2400794d82c600bfe36ff

SHA1
669d36b3fb7da283d10af914b16ec16d2a185d41

SHA256
553d89eea467ef95fcabe70f8ff7f5f85bcdb5ff732c40611845fff74ca8672a

SHA512
9c3bd74fe4ae2e443b9784d3f88093d27004365ccac36c33ea20ba043c636fa8ab08c72dd6228c2a60752508f9604ab08a3c0139972f9f0487ddc3ac13e85bb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48578.exe

Filesize
468KB

MD5
7702d022cacfadbcb458ca83211dc285

SHA1
406ee3c93ca9e0d1950c15f262d4f83d8e479a39

SHA256
76a43ef80a8130cfde1f30ab0fa640f07eb39a6173f342f1a1d6e1bc5514d36c

SHA512
ec1d7b723f4849e16da045fdc8dae8ca4acbcd7cf9362fb155a659d3b642a11e4de8d53068bd97d7f3fcae454bf80fe4201b1573b325a31abdb47482d6705bb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe

Filesize
468KB

MD5
7829f4e76e3b054ad5403ca983a5422c

SHA1
4a154d6cf7128e6a5d65d0c7d1c68167c69e2030

SHA256
2e3818a7df079cb60bd38c5903ecce9279ea6bf60bad1efda58ff1bb0282e6c7

SHA512
a37c14fd4cf86efa87afb7264aaaba998312c9ca93394abc20eb5201d883ce97b5844c41d7c8f34f8ec8bdc5875ee3af5776e3ef33899871babd52cefd2aa5e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50457.exe

Filesize
468KB

MD5
f0977e4c7a06db7d346b3da4b8d899a3

SHA1
f19c003c250c851884cf52230f36e2ef74fa9c30

SHA256
10a98ad6b4b7e9457a8e7029e7f46d0886fc560a9fa7a7dd13a68eb967d40f07

SHA512
cd678f39127f7c65b23f4570ff166ce66451debf5b2b809849280517db93602b721c2456dccf8d8ebcd42c2abd632b2b1fcd71c0a09f39c13ff691ae9719d46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50841.exe

Filesize
468KB

MD5
4dd28e12dbbb529342f15062c222f674

SHA1
357addd811628ab01577439b66e0da20b5e5bfcb

SHA256
0590dba3c3c0f8602e29be679a7aa5ec1c4faf214ce902f8e6e737edc2416022

SHA512
a8676566a89f9f0d638f6ad1b92a7e9e3603a38a4632642fc279de4b16178565b96857ff13ee2f414887faf3dcfac38cd2a9c88d3811e2d65a19698cd90df182

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51490.exe

Filesize
468KB

MD5
12c314f322696e2ecfc9eab4e5443e0c

SHA1
7c0beb72e2cd191946dd5fd3b832e03c756d2e57

SHA256
a5302051626d3d13e7e059b75fb2f07cdc08bbee178ebbb89d7ff1e331365c97

SHA512
4d7fb552c49896ee5c9de795d79890db02d01b6519a09a8a7bb717941feb30004ccba8513f5cc4e748e4617a15b698d9cc69b832d07dc3da88e7f909b94a17a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52009.exe

Filesize
468KB

MD5
b284518a5f8b14a9eaf0c962a2605f5c

SHA1
127091dc1ec0acfd83c0b3b8ec3030ea2934e827

SHA256
61d0c568f7b88180f8c633f4563118fe293a6a7d42e01ef1f627439d4abb20d4

SHA512
b64024f872b8e4936b83d5355880f70df7fb0db7ddb10fc5f4d4888505410b0f46a4f3e0eddf838e5a796e21a8ef098bb8eb5fb5a76a12d8962c68c7669a46e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54012.exe

Filesize
468KB

MD5
21e3bf0e66e1bbff36340c1f04ba5b6d

SHA1
bd6f907f6d8fb7dabe0c69639a12bb9dbf22f6ec

SHA256
a0e1c8892e175bfcb1b5a799b14a56bfd0d267705b45f5b56fa0c2137f52b4c5

SHA512
8f938366cd61c8fafc6b6480ada8e9c0e460f62e5e66704991466f9bc5bd0105b3371071681c8cf3f28970be256078cb334b46fec3417bc156577d5e61d263f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe

Filesize
468KB

MD5
f855f9afb29c9ae330a7bfb38dd030c9

SHA1
841a544e3c24195a5901cc8537980d8cdb029edb

SHA256
d0831dce089937d54f83860ccb8e3e56e965b11265560096f6c5ea4622f7faee

SHA512
2c39c712e5a677e75527b26dad7c62379094b499a181974bda443740202248d62ab1687e5f1aeb0a60cd13a5c2a9d7ab91dfa163d78bb40e1774b1fa9cd4db66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-561.exe

Filesize
468KB

MD5
c17a886a4cabb2c547fa7c2d59ed156b

SHA1
f2f617c4d0fe4ccc0f8213b31702dfb4c240c54b

SHA256
003a257bdce217ca96e75498b77e566d1e0fbc4cb7c0e9fa3e1c2cbbc8e7c557

SHA512
8371d4d32a719f2d06db8324df7da9383286950ef56b8710bbf23a8383af8ed2386c7e07b1bbe2bb3a191ef9a1688e1a5426011324a41c22e1182d8792c8c941

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe

Filesize
468KB

MD5
4bcde87052ad2e595964aee0857d6328

SHA1
c4cb6d3a7f6dda85de7b9a7c0cfba75b4baeb251

SHA256
a60cfa8818934514d201606d23099258c268d4f195bfe9a7e8b1ab36ed663484

SHA512
257f9693abb8a8c523afaf7e2f6d6a339a3f01b8a2e16c48b82e024019608fd1c536ee2ede2ec3d8c1e24c865272cefbc7000b2de8f225a75afb350837df86a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe

Filesize
468KB

MD5
f986878f912e77acf4afbdad9a526deb

SHA1
10641f65ae7dd91482f85c5cbac386ec48fc0bff

SHA256
f3e492086e7af18d470e6a618e2ffc399d47cb4e17d58c76f385519938a221c9

SHA512
236e04b8d9de8ae9778bab20c69d0d999e113e59c5d5bd05ba297189aa19631a9f352cc9fa7d0e77eff3efd630656e64d3f9e3969e9a7f7f4700c8b5e7214ca9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe

Filesize
468KB

MD5
873be560fe7570c1492a9d90e1de11ae

SHA1
a49ef99b685fb0dd067425d6ae4944a0ba095b8a

SHA256
2f6bd741b121cb968b6ff103b121654a0275d9746601c27e81d3d592dd8b09c3

SHA512
8f6c24e975eb2adbd44c674bc132a653bccc14d3a8eefd5075ba1fdd770cae38df9f32788f5b2fa1ba06cdd67a17715e787fdf8cd21f128d69211bbfad01f26b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6337.exe

Filesize
468KB

MD5
620e1ac6095ab321a909f45f15430440

SHA1
165bcc3f99459b7b1070ee6b85a58f5b3066adee

SHA256
a975fcac2e1e962d74d932c8b5b22736df482b9e0e98d0a94fef06e076fdbab3

SHA512
bceb8126e78337130fbd7c02b68d560b3915ac30ab20b5f479e62232aca4b4a725dff1e90ed53d63437e6fddfeca6759ed4ff0cc65c54e44e5cd9489364e858c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe

Filesize
468KB

MD5
b7b662fd09d63041bbf83f91a45bfe86

SHA1
40173284a3a6e8477ce6090a208341678330800f

SHA256
967d5f2c3a5ddb06a4317720a782a9726177db0d48a2b81955789c27c7aa5c5c

SHA512
2bbeba00c46a91bf84db3235405d6924128f34f47305554143906aeaf30a5bec1d5841912055c9f21b656b6f8880bcc58d7f522a6d8a471d5734679bf17f3af2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe

Filesize
468KB

MD5
32c8b5560f4ad7b5fdb6407e5d66c620

SHA1
e0c8284318973829cf0d30680d86224502df08b8

SHA256
23f80a56348844b6ec65c7bc3e8b28792d06b7c32b9996370d87409b409bc51e

SHA512
c800b116d1eb702b7ea137cccc35db311edf4f5d42e9fd14df51acdac1d8e5b1118e4a92462056a91bd2247f6e93d0468de8801ba456ab459765a04880b197b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe

Filesize
468KB

MD5
af381503395d115b4efbb3d27d885d13

SHA1
41dd195767769f29b4a27735c4d7a48cba7726c1

SHA256
b3dbd791efc7e33c841cab756d6548b63661f9436e3a2df0b473f187ad763adb

SHA512
172fc7e2c5538a007e1324dff97dd1cc24185e01600bcfad35f1eb4506ef2111c6f915190eebd4154f33baac7aa8c7452c8595215894e02442ddfaae1fed0cd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe

Filesize
468KB

MD5
5829cc09223bfb1e886efd35f7163489

SHA1
a44a65fb1034df3cc41cba52ce67ccb49470e9a7

SHA256
2c981f5150c46bd4122d4b96179ae34ddfd546d1e9ccf64fa64477a37b636dea

SHA512
1c54c4458ab5766e9b7f5e3de486f7a1287e7f5607e57f67932806e7b3146120518419e86d7cdc6eb48457b822c981897e2c572277babdcd40f6d27c9f90f2b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe

Filesize
468KB

MD5
eab1fac01afec015742b7e3d073fefa2

SHA1
9e121e949cdab550f3ace24b9d7eb26177b3c3e1

SHA256
54bd87867a664d7f68b0cb3307ec9bd355c9d701437e4feddcec2f09331b4ac3

SHA512
456dfb2810b4edeb75fc3cf245d6967587a4d162ee5977ab9eb87d7c38e1ad603eff276e31e3754525398abf401759a886e4b12fe78f0c85ab982d6f5862b1d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9394.exe

Filesize
468KB

MD5
ca1ac442d545db57a74e6ce96651bc33

SHA1
22206e7be1de330bc97d4844cf231b95c6c1eff5

SHA256
7042b3a1a1d65c3954c358c8a0486cc6c4638d178337d04bdbe632a369527a98

SHA512
3649078cd7717cc3b24cfa351530502fcfb393a38465d78f7a1f45ebcd4417fdce1aa471c5b7a0b4d95f626b952d26248817399d292188e8c1ad2556dd4afcf4

Download Submit
memory/18184-2681-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads