9b82ad6bc9ccd052f284a64276f730b5a370ac402e746fb44c3d82db91f27777

Analysis

max time kernel
148s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2024 04:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3dfe457b9e2bbbeaa7db59570f1be220N.exe
Size

184KB
MD5

3dfe457b9e2bbbeaa7db59570f1be220
SHA1

26caec286bdc8b6347102be526a2b08ecd495467
SHA256

9b82ad6bc9ccd052f284a64276f730b5a370ac402e746fb44c3d82db91f27777
SHA512

75ad222040cfad2e9b390a0d28464c68032f9f28abec521eb1a8bff36e6e7d11defc2d5f584410b7db9886604cc862fc7db3c05fde6c79debe9ec318f8db4fc4
SSDEEP

3072:9a4vzCoeSzE5db89ZRqmtxTdlvnqnuiuZ:9aZo23b8smzTdlPqnuiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
820	Unicorn-1854.exe
3308	Unicorn-1413.exe
2152	Unicorn-47085.exe
3120	Unicorn-44470.exe
5080	Unicorn-63951.exe
4980	Unicorn-11827.exe
1980	Unicorn-64086.exe
976	Unicorn-58148.exe
4548	Unicorn-50895.exe
4492	Unicorn-4901.exe
2500	Unicorn-34486.exe
4436	Unicorn-14885.exe
3436	Unicorn-18838.exe
3268	Unicorn-31068.exe
2792	Unicorn-1925.exe
4788	Unicorn-17612.exe
2032	Unicorn-19798.exe
3560	Unicorn-49133.exe
4300	Unicorn-3461.exe
2820	Unicorn-19990.exe
3408	Unicorn-49647.exe
4944	Unicorn-10076.exe
4732	Unicorn-26819.exe
2124	Unicorn-15884.exe
4228	Unicorn-37494.exe
4540	Unicorn-50493.exe
4016	Unicorn-51007.exe
4372	Unicorn-64420.exe
852	Unicorn-50109.exe
4536	Unicorn-4437.exe
4132	Unicorn-53638.exe
8	Unicorn-25356.exe
4280	Unicorn-7509.exe
2688	Unicorn-53373.exe
4808	Unicorn-3918.exe
4892	Unicorn-23462.exe
2976	Unicorn-7317.exe
5108	Unicorn-17109.exe
2164	Unicorn-19548.exe
3836	Unicorn-52413.exe
4612	Unicorn-6741.exe
3824	Unicorn-49812.exe
1608	Unicorn-6933.exe
4340	Unicorn-29814.exe
4324	Unicorn-59471.exe
3180	Unicorn-43062.exe
4464	Unicorn-17861.exe
3844	Unicorn-56740.exe
2940	Unicorn-20847.exe
220	Unicorn-52621.exe
1220	Unicorn-39814.exe
380	Unicorn-46429.exe
3632	Unicorn-36415.exe
1752	Unicorn-36092.exe
3740	Unicorn-55574.exe
3976	Unicorn-55574.exe
1056	Unicorn-8604.exe
436	Unicorn-54541.exe
4804	Unicorn-8869.exe
3384	Unicorn-52132.exe
4884	Unicorn-32796.exe
2144	Unicorn-8869.exe
3092	Unicorn-38396.exe
800	Unicorn-37951.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
5292	4368	WerFault.exe	149
9160	5228	WerFault.exe	223
5176	16356	WerFault.exe	793
9640	8772	Process not Found	1129
13400	5680	Process not Found	990

Checks SCSI registry key(s) 3 TTPs 10 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	672	dwm.exe
Token: SeChangeNotifyPrivilege	672	dwm.exe
Token: 33	672	dwm.exe
Token: SeIncBasePriorityPrivilege	672	dwm.exe
Token: SeCreateGlobalPrivilege	8580	Process not Found
Token: SeChangeNotifyPrivilege	8580	Process not Found
Token: 33	8580	Process not Found
Token: SeIncBasePriorityPrivilege	8580	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4868	3dfe457b9e2bbbeaa7db59570f1be220N.exe
820	Unicorn-1854.exe
2152	Unicorn-47085.exe
3120	Unicorn-44470.exe
5080	Unicorn-63951.exe
4980	Unicorn-11827.exe
1980	Unicorn-64086.exe
976	Unicorn-58148.exe
4548	Unicorn-50895.exe
4492	Unicorn-4901.exe
4436	Unicorn-14885.exe
2500	Unicorn-34486.exe
3436	Unicorn-18838.exe
3268	Unicorn-31068.exe
2792	Unicorn-1925.exe
4788	Unicorn-17612.exe
2032	Unicorn-19798.exe
4300	Unicorn-3461.exe
3408	Unicorn-49647.exe
2820	Unicorn-19990.exe
3560	Unicorn-49133.exe
4732	Unicorn-26819.exe
4944	Unicorn-10076.exe
2124	Unicorn-15884.exe
4228	Unicorn-37494.exe
4540	Unicorn-50493.exe
4016	Unicorn-51007.exe
4536	Unicorn-4437.exe
4372	Unicorn-64420.exe
852	Unicorn-50109.exe
4132	Unicorn-53638.exe
8	Unicorn-25356.exe
4280	Unicorn-7509.exe
2688	Unicorn-53373.exe
4808	Unicorn-3918.exe
4892	Unicorn-23462.exe
5108	Unicorn-17109.exe
2164	Unicorn-19548.exe
2976	Unicorn-7317.exe
3824	Unicorn-49812.exe
3836	Unicorn-52413.exe
4612	Unicorn-6741.exe
1608	Unicorn-6933.exe
3844	Unicorn-56740.exe
4464	Unicorn-17861.exe
3180	Unicorn-43062.exe
4324	Unicorn-59471.exe
4340	Unicorn-29814.exe
2940	Unicorn-20847.exe
220	Unicorn-52621.exe
1220	Unicorn-39814.exe
380	Unicorn-46429.exe
3632	Unicorn-36415.exe
1752	Unicorn-36092.exe
3740	Unicorn-55574.exe
3976	Unicorn-55574.exe
1056	Unicorn-8604.exe
3384	Unicorn-52132.exe
4884	Unicorn-32796.exe
4804	Unicorn-8869.exe
436	Unicorn-54541.exe
3092	Unicorn-38396.exe
2144	Unicorn-8869.exe
800	Unicorn-37951.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 820	4868	3dfe457b9e2bbbeaa7db59570f1be220N.exe	85
PID 4868 wrote to memory of 820	4868	3dfe457b9e2bbbeaa7db59570f1be220N.exe	85
PID 4868 wrote to memory of 820	4868	3dfe457b9e2bbbeaa7db59570f1be220N.exe	85
PID 820 wrote to memory of 3308	820	Unicorn-1854.exe	86
PID 820 wrote to memory of 3308	820	Unicorn-1854.exe	86
PID 820 wrote to memory of 3308	820	Unicorn-1854.exe	86
PID 4868 wrote to memory of 2152	4868	3dfe457b9e2bbbeaa7db59570f1be220N.exe	87
PID 4868 wrote to memory of 2152	4868	3dfe457b9e2bbbeaa7db59570f1be220N.exe	87
PID 4868 wrote to memory of 2152	4868	3dfe457b9e2bbbeaa7db59570f1be220N.exe	87
PID 820 wrote to memory of 3120	820	Unicorn-1854.exe	88
PID 820 wrote to memory of 3120	820	Unicorn-1854.exe	88
PID 820 wrote to memory of 3120	820	Unicorn-1854.exe	88
PID 2152 wrote to memory of 5080	2152	Unicorn-47085.exe	89
PID 2152 wrote to memory of 5080	2152	Unicorn-47085.exe	89
PID 2152 wrote to memory of 5080	2152	Unicorn-47085.exe	89
PID 4868 wrote to memory of 4980	4868	3dfe457b9e2bbbeaa7db59570f1be220N.exe	90
PID 4868 wrote to memory of 4980	4868	3dfe457b9e2bbbeaa7db59570f1be220N.exe	90
PID 4868 wrote to memory of 4980	4868	3dfe457b9e2bbbeaa7db59570f1be220N.exe	90
PID 3120 wrote to memory of 1980	3120	Unicorn-44470.exe	91
PID 3120 wrote to memory of 1980	3120	Unicorn-44470.exe	91
PID 3120 wrote to memory of 1980	3120	Unicorn-44470.exe	91
PID 820 wrote to memory of 976	820	Unicorn-1854.exe	92
PID 820 wrote to memory of 976	820	Unicorn-1854.exe	92
PID 820 wrote to memory of 976	820	Unicorn-1854.exe	92
PID 5080 wrote to memory of 4548	5080	Unicorn-63951.exe	93
PID 5080 wrote to memory of 4548	5080	Unicorn-63951.exe	93
PID 5080 wrote to memory of 4548	5080	Unicorn-63951.exe	93
PID 4980 wrote to memory of 4492	4980	Unicorn-11827.exe	94
PID 4980 wrote to memory of 4492	4980	Unicorn-11827.exe	94
PID 4980 wrote to memory of 4492	4980	Unicorn-11827.exe	94
PID 4868 wrote to memory of 2500	4868	3dfe457b9e2bbbeaa7db59570f1be220N.exe	95
PID 4868 wrote to memory of 2500	4868	3dfe457b9e2bbbeaa7db59570f1be220N.exe	95
PID 4868 wrote to memory of 2500	4868	3dfe457b9e2bbbeaa7db59570f1be220N.exe	95
PID 2152 wrote to memory of 4436	2152	Unicorn-47085.exe	96
PID 2152 wrote to memory of 4436	2152	Unicorn-47085.exe	96
PID 2152 wrote to memory of 4436	2152	Unicorn-47085.exe	96
PID 1980 wrote to memory of 3436	1980	Unicorn-64086.exe	97
PID 1980 wrote to memory of 3436	1980	Unicorn-64086.exe	97
PID 1980 wrote to memory of 3436	1980	Unicorn-64086.exe	97
PID 3120 wrote to memory of 3268	3120	Unicorn-44470.exe	98
PID 3120 wrote to memory of 3268	3120	Unicorn-44470.exe	98
PID 3120 wrote to memory of 3268	3120	Unicorn-44470.exe	98
PID 976 wrote to memory of 2792	976	Unicorn-58148.exe	99
PID 976 wrote to memory of 2792	976	Unicorn-58148.exe	99
PID 976 wrote to memory of 2792	976	Unicorn-58148.exe	99
PID 820 wrote to memory of 4788	820	Unicorn-1854.exe	100
PID 820 wrote to memory of 4788	820	Unicorn-1854.exe	100
PID 820 wrote to memory of 4788	820	Unicorn-1854.exe	100
PID 4548 wrote to memory of 2032	4548	Unicorn-50895.exe	101
PID 4548 wrote to memory of 2032	4548	Unicorn-50895.exe	101
PID 4548 wrote to memory of 2032	4548	Unicorn-50895.exe	101
PID 4436 wrote to memory of 4300	4436	Unicorn-14885.exe	103
PID 4436 wrote to memory of 4300	4436	Unicorn-14885.exe	103
PID 4436 wrote to memory of 4300	4436	Unicorn-14885.exe	103
PID 5080 wrote to memory of 3560	5080	Unicorn-63951.exe	102
PID 5080 wrote to memory of 3560	5080	Unicorn-63951.exe	102
PID 5080 wrote to memory of 3560	5080	Unicorn-63951.exe	102
PID 4492 wrote to memory of 2820	4492	Unicorn-4901.exe	104
PID 4492 wrote to memory of 2820	4492	Unicorn-4901.exe	104
PID 4492 wrote to memory of 2820	4492	Unicorn-4901.exe	104
PID 2500 wrote to memory of 3408	2500	Unicorn-34486.exe	105
PID 2500 wrote to memory of 3408	2500	Unicorn-34486.exe	105
PID 2500 wrote to memory of 3408	2500	Unicorn-34486.exe	105
PID 2152 wrote to memory of 4944	2152	Unicorn-47085.exe	106

C:\Users\Admin\AppData\Local\Temp\3dfe457b9e2bbbeaa7db59570f1be220N.exe
"C:\Users\Admin\AppData\Local\Temp\3dfe457b9e2bbbeaa7db59570f1be220N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1413.exe
    3⤵
    - Executes dropped EXE
    PID:3308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44470.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64086.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18838.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
        8⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        9⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
        10⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        9⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        9⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31519.exe
        9⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12884.exe
        9⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42556.exe
        8⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8104.exe
        9⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16447.exe
        9⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
        9⤵
        
        PID:18352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
        8⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
        8⤵
        
        PID:12964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11430.exe
        8⤵
        
        PID:15596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39370.exe
        8⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33020.exe
        7⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        8⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        8⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        8⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25567.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53220.exe
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64496.exe
        7⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11369.exe
        7⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33602.exe
        7⤵
        
        PID:16016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51407.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51846.exe
        8⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24409.exe
        9⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25906.exe
        9⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51911.exe
        9⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        9⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
        8⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        8⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
        8⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
        8⤵
        
        PID:16452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39484.exe
        7⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        8⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
        7⤵
        
        PID:12692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50138.exe
        7⤵
        
        PID:16004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        7⤵
        
        PID:18212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe
        6⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        7⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        8⤵
        
        PID:17984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        7⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
        7⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        7⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
        6⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        6⤵
        
        PID:9412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
        6⤵
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
        6⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
        7⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        8⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        8⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        8⤵
        
        PID:12424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        8⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6869.exe
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        8⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        8⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        8⤵
        
        PID:17880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
        7⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exe
        7⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
        7⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        7⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        6⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        8⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64784.exe
        8⤵
        
        PID:17048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20146.exe
        8⤵
        
        PID:17996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
        7⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        7⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58803.exe
        7⤵
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11963.exe
        7⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        6⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        7⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        7⤵
        
        PID:16500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65123.exe
        7⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        6⤵
        
        PID:9692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
        6⤵
        
        PID:15480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60549.exe
        6⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46429.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18806.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33462.exe
        7⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
        7⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41895.exe
        7⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
        6⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
        6⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44355.exe
        6⤵
        
        PID:13300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11535.exe
        6⤵
        
        PID:15560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11884.exe
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58390.exe
        6⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        6⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19067.exe
        6⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20243.exe
        5⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
        5⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
        5⤵
        
        PID:12972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55966.exe
        5⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
        5⤵
        
        PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8174.exe
        7⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        8⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24409.exe
        9⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25906.exe
        9⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        9⤵
        
        PID:16480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
        9⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
        8⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
        8⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37376.exe
        8⤵
        
        PID:14952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
        8⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20111.exe
        7⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        7⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39775.exe
        7⤵
        
        PID:16832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29413.exe
        7⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43071.exe
        7⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15144.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
        8⤵
        
        PID:17168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        7⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
        7⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11535.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29605.exe
        7⤵
        
        PID:9588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        6⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        6⤵
        
        PID:13276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
        6⤵
        
        PID:15784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36092.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        7⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
        8⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        8⤵
        
        PID:16492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57619.exe
        8⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        7⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        7⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21563.exe
        7⤵
        
        PID:14472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42364.exe
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15128.exe
        7⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        7⤵
        
        PID:16436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
        7⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1942.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        6⤵
        
        PID:13208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        6⤵
        
        PID:16516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55541.exe
        6⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20627.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35318.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56281.exe
        7⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        7⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        6⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        6⤵
        
        PID:14192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        6⤵
        
        PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2056.exe
        6⤵
        
        PID:13960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27503.exe
        6⤵
        
        PID:16688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        6⤵
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe
        5⤵
        
        PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
        5⤵
        
        PID:13084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
        5⤵
        
        PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65274.exe
        5⤵
        
        PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63654.exe
        6⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        7⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        8⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
        8⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
        8⤵
        
        PID:17724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        7⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        7⤵
        
        PID:15608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
        7⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42364.exe
        6⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48137.exe
        7⤵
        
        PID:16932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
        7⤵
        
        PID:16904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1942.exe
        6⤵
        
        PID:9376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        6⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61290.exe
        6⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27723.exe
        6⤵
        
        PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58973.exe
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        6⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53977.exe
        7⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
        7⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        6⤵
        
        PID:10832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60407.exe
        6⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29468.exe
        6⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
        6⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8763.exe
        6⤵
        
        PID:11708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60339.exe
        6⤵
        
        PID:15236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52682.exe
        6⤵
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7807.exe
        5⤵
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        5⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
        5⤵
        
        PID:17372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8604.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13301.exe
        5⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        6⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16089.exe
        7⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
        7⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8034.exe
        7⤵
        
        PID:18376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
        6⤵
        
        PID:9728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        6⤵
        
        PID:15684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22458.exe
        6⤵
        
        PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22821.exe
        5⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33401.exe
        6⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
        6⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        5⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        5⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
        5⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
        5⤵
        
        PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28595.exe
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        5⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15320.exe
        6⤵
        
        PID:12936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
        6⤵
        
        PID:15968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24370.exe
        6⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        5⤵
        
        PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3535.exe
        5⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51418.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        5⤵
        
        PID:9456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52982.exe
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        5⤵
        
        PID:13384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        5⤵
        
        PID:16428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7393.exe
        5⤵
        
        PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
      4⤵
      PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14305.exe
      4⤵
      PID:13444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
      4⤵
      PID:17256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1925.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4437.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46742.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43071.exe
        8⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18473.exe
        9⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3634.exe
        9⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2438.exe
        9⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        8⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8422.exe
        8⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        8⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        8⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52749.exe
        7⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
        7⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        7⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31606.exe
        7⤵
        
        PID:16560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61356.exe
        7⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
        6⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        7⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        7⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
        7⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
        6⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17791.exe
        6⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
        6⤵
        
        PID:12904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        6⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22035.exe
        6⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15605.exe
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10194.exe
        7⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        7⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        7⤵
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50012.exe
        7⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
        6⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
        7⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39103.exe
        7⤵
        
        PID:14872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
        7⤵
        
        PID:17564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37932.exe
        7⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52186.exe
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32819.exe
        6⤵
        
        PID:13452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16422.exe
        6⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
        6⤵
        
        PID:18168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        6⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29234.exe
        6⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19273.exe
        6⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
        6⤵
        
        PID:17076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15919.exe
        6⤵
        
        PID:9356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        5⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        5⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61932.exe
        5⤵
        
        PID:16940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50109.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        5⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26902.exe
        7⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14559.exe
        7⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33814.exe
        7⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
        7⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
        6⤵
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
        6⤵
        
        PID:14396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45274.exe
        6⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22266.exe
        6⤵
        
        PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51492.exe
        5⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46131.exe
        5⤵
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
        5⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16498.exe
        5⤵
        
        PID:15564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7882.exe
        5⤵
        
        PID:9972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52132.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29174.exe
        6⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        6⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8422.exe
        6⤵
        
        PID:12300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        6⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
        6⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52749.exe
        5⤵
        
        PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
        5⤵
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9679.exe
        5⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
        5⤵
        
        PID:16820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
      4⤵
      PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33516.exe
        5⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3506.exe
        5⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30758.exe
        5⤵
        
        PID:16356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16356 -s 468
        6⤵
        Program crash
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        5⤵
        
        PID:17736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
      4⤵
      PID:8264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
      4⤵
      PID:10496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35385.exe
      4⤵
      PID:14720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
      4⤵
      PID:788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17612.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53638.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13301.exe
        6⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52246.exe
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3967.exe
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        7⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
        7⤵
        
        PID:17348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        7⤵
        
        PID:16248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8140.exe
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40387.exe
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21782.exe
        6⤵
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        6⤵
        
        PID:16520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13877.exe
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29174.exe
        6⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4050.exe
        6⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
        6⤵
        
        PID:12072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10182.exe
        6⤵
        
        PID:16996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
        6⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50724.exe
        5⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        5⤵
        
        PID:9996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
        5⤵
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        5⤵
        
        PID:16572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29797.exe
        5⤵
        
        PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38396.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32381.exe
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33084.exe
        6⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        6⤵
        
        PID:16508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3426.exe
        6⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46999.exe
        5⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1199.exe
        5⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10712.exe
        5⤵
        
        PID:17028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        5⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        5⤵
        
        PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        5⤵
        
        PID:17200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
        5⤵
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24317.exe
      4⤵
      PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
      4⤵
      PID:11140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49692.exe
      4⤵
      PID:14960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13422.exe
      4⤵
      PID:17664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55120.exe
      4⤵
      PID:3748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:8
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37718.exe
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
        6⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15443.exe
        7⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        6⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
        6⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11535.exe
        6⤵
        
        PID:16160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        6⤵
        
        PID:18036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        5⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
        6⤵
        
        PID:11108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3634.exe
        6⤵
        
        PID:14564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3206.exe
        6⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        6⤵
        
        PID:18116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
        5⤵
        
        PID:10040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        5⤵
        
        PID:13764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31606.exe
        5⤵
        
        PID:16540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49627.exe
        5⤵
        
        PID:18372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40501.exe
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
        5⤵
        
        PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        5⤵
        
        PID:12484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
        5⤵
        
        PID:15440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
        5⤵
        
        PID:6216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64404.exe
      4⤵
      PID:8328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
      4⤵
      PID:11632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
      4⤵
      PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
      4⤵
      PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23187.exe
      4⤵
      PID:6692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
      4⤵
      PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
        5⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        5⤵
        
        PID:12524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
        5⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35729.exe
        5⤵
        
        PID:7392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
      4⤵
      PID:9496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
      4⤵
      PID:13148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
      4⤵
      PID:17364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56890.exe
      4⤵
      PID:9632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7125.exe
    3⤵
    PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
      4⤵
      PID:13672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
      4⤵
      PID:2300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
    3⤵
    PID:8232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
    3⤵
    PID:11276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
    3⤵
    PID:14796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
    3⤵
    PID:17580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10779.exe
    3⤵
    PID:8424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63951.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7509.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26572.exe
        8⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        8⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe
        8⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13151.exe
        8⤵
        
        PID:15744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
        8⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        7⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        8⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
        8⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
        8⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30771.exe
        7⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
        7⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8041.exe
        7⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49791.exe
        7⤵
        
        PID:17808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
        7⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
        6⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 488
        7⤵
        Program crash
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2483.exe
        6⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        7⤵
        
        PID:13092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        7⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28498.exe
        7⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        6⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22038.exe
        6⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exe
        6⤵
        
        PID:15064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7096.exe
        6⤵
        
        PID:18356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
        6⤵
        
        PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53373.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55631.exe
        6⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2798.exe
        7⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        8⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        8⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
        8⤵
        
        PID:13480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        8⤵
        
        PID:17208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exe
        7⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        7⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30448.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45943.exe
        7⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61356.exe
        7⤵
        
        PID:9128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
        6⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
        6⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        6⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
        6⤵
        
        PID:15624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29797.exe
        6⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
        5⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
        7⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
        7⤵
        
        PID:12396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41895.exe
        7⤵
        
        PID:17328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
        6⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        7⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19734.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        7⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
        6⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        6⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31606.exe
        6⤵
        
        PID:16552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14459.exe
        6⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15260.exe
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        6⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        6⤵
        
        PID:13072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64090.exe
        6⤵
        
        PID:15044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
        6⤵
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35385.exe
        5⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11393.exe
        5⤵
        
        PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
        5⤵
        
        PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43071.exe
        7⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        8⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        8⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
        8⤵
        
        PID:17164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        8⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        7⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26400.exe
        7⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10182.exe
        7⤵
        
        PID:17060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61356.exe
        7⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17283.exe
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        7⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        7⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        7⤵
        
        PID:18324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        7⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
        6⤵
        
        PID:13756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        6⤵
        
        PID:16624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29797.exe
        6⤵
        
        PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32252.exe
        5⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60751.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        7⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        7⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
        7⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        6⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53671.exe
        6⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4118.exe
        6⤵
        
        PID:16092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
        5⤵
        
        PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        5⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        5⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        5⤵
        
        PID:15424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        5⤵
        
        PID:17988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
        5⤵
        
        PID:116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29590.exe
        7⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
        7⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
        7⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        7⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe
        7⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        6⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12726.exe
        6⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
        6⤵
        
        PID:14708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
        6⤵
        
        PID:744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
        6⤵
        
        PID:9976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
        5⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        5⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        5⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29797.exe
        5⤵
        
        PID:10236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49357.exe
      4⤵
      PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        5⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        7⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12927.exe
        7⤵
        
        PID:18252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41667.exe
        7⤵
        
        PID:17948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22534.exe
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
        6⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
        6⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        5⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12726.exe
        5⤵
        
        PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
        5⤵
        
        PID:14504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        5⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12539.exe
        5⤵
        
        PID:9596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32163.exe
      4⤵
      PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        5⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        5⤵
        
        PID:16472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54163.exe
        5⤵
        
        PID:7116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20930.exe
      4⤵
      PID:8404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55049.exe
      4⤵
      PID:11680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12033.exe
      4⤵
      PID:15576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
      4⤵
      PID:8336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14885.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55631.exe
        6⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54054.exe
        7⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        8⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
        8⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3535.exe
        8⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4038.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30603.exe
        8⤵
        
        PID:18108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8140.exe
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
        7⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        7⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44866.exe
        7⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34585.exe
        7⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21487.exe
        7⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39674.exe
        7⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        7⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21980.exe
        6⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        6⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14569.exe
        6⤵
        
        PID:14596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        6⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14996.exe
        6⤵
        
        PID:9616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        5⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23302.exe
        6⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42687.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53744.exe
        7⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe
        7⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        7⤵
        
        PID:15948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51939.exe
        7⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
        6⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        6⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14178.exe
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        6⤵
        
        PID:16340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37258.exe
        6⤵
        
        PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61936.exe
        6⤵
        
        PID:18120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        6⤵
        
        PID:9984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
        5⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        5⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
        5⤵
        
        PID:18060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30655.exe
        5⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        6⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        7⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
        7⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37415.exe
        7⤵
        
        PID:17748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
        6⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        6⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
        6⤵
        
        PID:16144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
        6⤵
        
        PID:17988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
        5⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        5⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
        5⤵
        
        PID:15484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
      4⤵
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57148.exe
        6⤵
        
        PID:16584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11530.exe
        6⤵
        
        PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
        5⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        5⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
        5⤵
        
        PID:16152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
        5⤵
        
        PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
      4⤵
      PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
        5⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3634.exe
        5⤵
        
        PID:14624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3206.exe
        5⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        5⤵
        
        PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
      4⤵
      PID:8744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
      4⤵
      PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
      4⤵
      PID:14860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35726.exe
      4⤵
      PID:18068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29378.exe
      4⤵
      PID:6964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6933.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
        5⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25606.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        7⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26463.exe
        7⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
        7⤵
        
        PID:14308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        7⤵
        
        PID:17172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
        6⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25289.exe
        6⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
        6⤵
        
        PID:13796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61402.exe
        6⤵
        
        PID:16980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
        6⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
        5⤵
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        5⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
        5⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40823.exe
        5⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16242.exe
        5⤵
        
        PID:18032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16065.exe
        5⤵
        
        PID:18056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
      4⤵
      PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        5⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        6⤵
        
        PID:10752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30447.exe
        6⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        6⤵
        
        PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        5⤵
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        5⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        5⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33654.exe
        5⤵
        
        PID:17848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
      4⤵
      PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        5⤵
        
        PID:11440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39487.exe
        5⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        5⤵
        
        PID:17628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exe
      4⤵
      PID:9880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57312.exe
      4⤵
      PID:13504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
      4⤵
      PID:16448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8266.exe
      4⤵
      PID:8716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19062.exe
      4⤵
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
        5⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        6⤵
        
        PID:10468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
        6⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        6⤵
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        6⤵
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50669.exe
        5⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3894.exe
        5⤵
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
        5⤵
        
        PID:14984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34422.exe
        5⤵
        
        PID:17652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55821.exe
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34553.exe
        5⤵
        
        PID:14044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
        5⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48039.exe
        5⤵
        
        PID:15248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
        5⤵
        
        PID:9076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
      4⤵
      PID:8636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
      4⤵
      PID:12580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1513.exe
      4⤵
      PID:15912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
    3⤵
    PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
      4⤵
      PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19833.exe
        5⤵
        
        PID:12472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        5⤵
        
        PID:15692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20492.exe
      4⤵
      PID:8776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6473.exe
      4⤵
      PID:12040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49488.exe
      4⤵
      PID:14932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17318.exe
      4⤵
      PID:18044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
      4⤵
      PID:7700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23381.exe
    3⤵
    PID:7048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30700.exe
    3⤵
    PID:9528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49966.exe
    3⤵
    PID:876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34954.exe
    3⤵
    PID:15896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
    3⤵
    PID:5788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11827.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11827.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4901.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
        6⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
        8⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        8⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
        8⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63331.exe
        8⤵
        
        PID:16916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61555.exe
        8⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21301.exe
        7⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63738.exe
        7⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        7⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61402.exe
        7⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        7⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12834.exe
        7⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
        7⤵
        
        PID:16484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4491.exe
        7⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
        6⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        6⤵
        
        PID:13244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
        6⤵
        
        PID:17380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56890.exe
        6⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30332.exe
        5⤵
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
        6⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 492
        7⤵
        Program crash
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8245.exe
        6⤵
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30982.exe
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23235.exe
        6⤵
        
        PID:14616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exe
        6⤵
        
        PID:16408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        6⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
        6⤵
        
        PID:15052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35578.exe
        6⤵
        
        PID:18000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
        6⤵
        
        PID:18120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
        5⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        5⤵
        
        PID:15724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32985.exe
        5⤵
        
        PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52413.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33286.exe
        5⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
        6⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
        7⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
        7⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8386.exe
        7⤵
        
        PID:17888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29266.exe
        7⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
        6⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12726.exe
        6⤵
        
        PID:10664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
        6⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44506.exe
        6⤵
        
        PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        5⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11525.exe
        6⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54906.exe
        6⤵
        
        PID:11660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        6⤵
        
        PID:15276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
        6⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22499.exe
        5⤵
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16946.exe
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
        5⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        5⤵
        
        PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
        5⤵
        
        PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7228.exe
      4⤵
      PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44998.exe
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        5⤵
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
        5⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
        5⤵
        
        PID:16368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
      4⤵
      PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46991.exe
      4⤵
      PID:10564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
      4⤵
      PID:13144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54718.exe
      4⤵
      PID:17012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53667.exe
      4⤵
      PID:7212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29814.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19833.exe
        7⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22207.exe
        7⤵
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9675.exe
        7⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35383.exe
        6⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        6⤵
        
        PID:13188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        6⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
        6⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
        5⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
        6⤵
        
        PID:17724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42016.exe
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        5⤵
        
        PID:15620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
        5⤵
        
        PID:17840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
      4⤵
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25606.exe
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
        6⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39103.exe
        6⤵
        
        PID:14880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34809.exe
        6⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        5⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12726.exe
        5⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
        5⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45274.exe
        5⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
        5⤵
        
        PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
      4⤵
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13755.exe
        5⤵
        
        PID:12232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
        5⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13590.exe
        5⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        5⤵
        
        PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46698.exe
      4⤵
      PID:9444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22527.exe
      4⤵
      PID:12480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
      4⤵
      PID:15388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49770.exe
      4⤵
      PID:4376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56740.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
      4⤵
      PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63606.exe
        6⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        6⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
        6⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        6⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        6⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
        5⤵
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        5⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
        5⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33078.exe
        5⤵
        
        PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
      4⤵
      PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40266.exe
      4⤵
      PID:8400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
      4⤵
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
      4⤵
      PID:15508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
    3⤵
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30710.exe
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1333.exe
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        5⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33654.exe
        5⤵
        
        PID:17920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49627.exe
        5⤵
        
        PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
      4⤵
      PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
      4⤵
      PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33718.exe
      4⤵
      PID:15776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
      4⤵
      PID:17928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
    3⤵
    PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
      4⤵
      PID:11696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44963.exe
      4⤵
      PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37031.exe
      4⤵
      PID:17824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
      4⤵
      PID:5584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
    3⤵
    PID:8940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
    3⤵
    PID:12152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
    3⤵
    PID:1372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62488.exe
    3⤵
    PID:18216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49914.exe
    3⤵
    PID:7476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34486.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34486.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49647.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3918.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
        5⤵
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46412.exe
        7⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52160.exe
        7⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        7⤵
        
        PID:17196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
        7⤵
        
        PID:16372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27020.exe
        6⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60583.exe
        6⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
        6⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44506.exe
        6⤵
        
        PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48125.exe
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29817.exe
        6⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        6⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47532.exe
        6⤵
        
        PID:17752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34227.exe
        5⤵
        
        PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12338.exe
        5⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40823.exe
        5⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        5⤵
        
        PID:17960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29989.exe
        5⤵
        
        PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5205.exe
      4⤵
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18367.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
        6⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22415.exe
        6⤵
        
        PID:9644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41863.exe
        6⤵
        
        PID:12884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
        6⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
        6⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        5⤵
        
        PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9679.exe
        5⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
        5⤵
        
        PID:16876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
        5⤵
        
        PID:6904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
      4⤵
      PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
        5⤵
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        5⤵
        
        PID:12132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
        5⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exe
        5⤵
        
        PID:18020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29458.exe
        5⤵
        
        PID:8656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
      4⤵
      PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
      4⤵
      PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
      4⤵
      PID:14604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
      4⤵
      PID:4236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
      4⤵
      PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        5⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63888.exe
        6⤵
        
        PID:13968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        6⤵
        
        PID:16884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15178.exe
        6⤵
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
        5⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
        5⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45274.exe
        5⤵
        
        PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
      4⤵
      PID:216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61833.exe
        5⤵
        
        PID:13720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2994.exe
        5⤵
        
        PID:16644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15154.exe
        5⤵
        
        PID:10084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
      4⤵
      PID:9512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
      4⤵
      PID:13156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
      4⤵
      PID:16444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
    3⤵
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1333.exe
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        5⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        5⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49114.exe
        5⤵
        
        PID:17908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
        5⤵
        
        PID:9484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
      4⤵
      PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
      4⤵
      PID:12228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
      4⤵
      PID:15756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
      4⤵
      PID:6924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7964.exe
    3⤵
    PID:6832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
    3⤵
    PID:8240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
    3⤵
    PID:12140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29241.exe
    3⤵
    PID:15128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12654.exe
    3⤵
    PID:17940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26819.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26819.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59471.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59471.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
      4⤵
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        5⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
        6⤵
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
        6⤵
        
        PID:14844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exe
        6⤵
        
        PID:18076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55714.exe
        6⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        5⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        5⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
        5⤵
        
        PID:15252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33929.exe
        5⤵
        
        PID:17640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
      4⤵
      PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23654.exe
      4⤵
      PID:9016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
      4⤵
      PID:12532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
      4⤵
      PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
      4⤵
      PID:17612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62085.exe
      4⤵
      PID:8784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe
    3⤵
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25606.exe
      4⤵
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        5⤵
        
        PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47616.exe
        5⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
        5⤵
        
        PID:14368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37603.exe
        5⤵
        
        PID:17044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1010.exe
        5⤵
        
        PID:17664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43740.exe
      4⤵
      PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
      4⤵
      PID:11944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
      4⤵
      PID:15704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51867.exe
      4⤵
      PID:7416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
    3⤵
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
      4⤵
      PID:11136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3634.exe
      4⤵
      PID:14588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
      4⤵
      PID:4080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
    3⤵
    PID:9504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54432.exe
    3⤵
    PID:12312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
    3⤵
    PID:17392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
    3⤵
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
      4⤵
      PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1333.exe
        5⤵
        
        PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        5⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50448.exe
        5⤵
        
        PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23177.exe
        5⤵
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        5⤵
        
        PID:8508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
      4⤵
      PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
      4⤵
      PID:12360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-278.exe
      4⤵
      PID:15644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18597.exe
    3⤵
    PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
      4⤵
      PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29394.exe
      4⤵
      PID:14756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
      4⤵
      PID:17972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
      4⤵
      PID:9636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
    3⤵
    PID:8316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61923.exe
    3⤵
    PID:11288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
    3⤵
    PID:15588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43718.exe
  2⤵
  PID:5116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
    3⤵
    PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28054.exe
      4⤵
      PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
      4⤵
      PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33814.exe
      4⤵
      PID:14376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
      4⤵
      PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
      4⤵
      PID:9332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
    3⤵
    PID:3920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60583.exe
    3⤵
    PID:10572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56675.exe
    3⤵
    PID:14764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
    3⤵
    PID:16608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
    3⤵
    PID:7172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
  2⤵
  PID:6120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
    3⤵
    PID:8880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
    3⤵
    PID:12400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
    3⤵
    PID:15796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38098.exe
    3⤵
    PID:10764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
  2⤵
  PID:8764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47074.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47074.exe
  2⤵
  PID:12052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
  2⤵
  PID:2212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
  2⤵
  PID:18008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
  2⤵
  PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4368 -ip 4368
1⤵
PID:4072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5228 -ip 5228
1⤵
PID:8724

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe

Filesize
184KB

MD5
ec245858c39b9a2a878b5ce1f11df8bb

SHA1
be5e1a4662058de26dbecbf565d205b74e0e1b54

SHA256
728e46c0c88611a900aaf88eebd1218721a96cb408c193823e4fc43e1ea81602

SHA512
6a3304881da4db775c3ca40c1884ca3dee3cc106149de7b02de26ebcda495eaf0ca783091375740d066e496bb2245d927378020f910d31c1a288ea9f751d11dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11827.exe

Filesize
184KB

MD5
4aade5ca2116a33153b29d2623902172

SHA1
032b783f2e1a16998a5fac3f6bd66272b8654805

SHA256
eafc59a0c6a14c2d59b7fa3b94e136542f581acbaf371e76167094e7086c325b

SHA512
29445149a9f4ebddaa04050c588ad029b89cf7fef964739d571c8fa5411739c6c155d8034ba907802bc010db9431ab0a80ff1690803407f4fb2d3bb0946586ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1413.exe

Filesize
184KB

MD5
e3435ac2290279b41ef1c861d7d20cca

SHA1
2d69e6ef4e62535aa69a442fef8cd64692072feb

SHA256
7427885c62dae4dcf62ac4048b7c7b6bc00e7a090411d84b7cd4402c686e021b

SHA512
88fd2881e4eb9d43ee01ce0bc27b5673455ffe485dd7654242d99f50dbf6447dc8f9e11e29db5fe292567eeb876d7b2e580978a4f7e7a034abc5ad2949669fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14885.exe

Filesize
184KB

MD5
33df1fe01831bc9f3189f89b1d356516

SHA1
279c0c287c83587fc41503c65382652c2ee2f858

SHA256
4d59945d47866adf72946bc28e122cc3b08c6b9d4b503bf574187ee3a4c3c0fc

SHA512
bcbb26ef593b437dd4f0cef373031a120e9741752b177c5191733cbc1640b091de63fdae445f5d3728e8fe4beb5a7454b008540d960642affd9d0bac4ba5289a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe

Filesize
184KB

MD5
3097f0ff0bc26875a3bc76d9ba3be48c

SHA1
082ef1f1a88beb8c4acb127fead73f1b8984490e

SHA256
a4326d88f723d462081212c10855ee507c02c41d60f2deb5906ffed492ee42cc

SHA512
1e322157e8a61681f7729f9df3b74c9f10fc0b50319e2ec01b6be21da7df92288863816283d4fd26808d2c2068b7e7831a8463d84c426caba4bf8529335a5796

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17612.exe

Filesize
184KB

MD5
75a2e37c73977ab041f7e22e8d7ba331

SHA1
935b8901291bbc40c554342e4562342d4953e57a

SHA256
33966b1de1d49d47b23742eb3201d5811717c5b13af513794ed0517e19ddd94e

SHA512
14a460854996c799df30ba3cbcd1822b78d7feccbc1d5fca65bc228be02454364b3874e7296901a5cddea46ce5b7e7972c0ff8fbd0e42e2e6a8e8e073c47db1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe

Filesize
184KB

MD5
1b11955b4cd91432b7aa9084ba2b0d56

SHA1
cb4db01beb180a5e66f1aa323f8383361ed83817

SHA256
4acefff2f54e2d3f8a034c62c33ae7ac7e5a5d58e5c64cdf9f7e1e3e405f3852

SHA512
89598fec834682763f591bab551de17a5890796464674a1b12dfd3e3671c85878bc3d8c2db67856dc0310d23b9e82f8585b328ab9a58dcfe9b4e017ffb3af862

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18838.exe

Filesize
184KB

MD5
a3470bf5b7fb417d30105d09abb96cb1

SHA1
d28aa8f25a49b7f15b56a4f203e31e44b5881628

SHA256
a505b5e3b8f60991657aafc3bb2b4ec88af0977876dd017c38e3570f9566a81d

SHA512
d5a991607160217f8ed5bb89c2d51bdbfa429c38031673c30912759b6c48a2ed3e578145ed2de3eb91d7aad1b1d1d34dfce080427c33fd98a38282d942666ccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1925.exe

Filesize
184KB

MD5
669b5269f2dd9b19f34b3c31c6fd8b76

SHA1
55a720d5323a1d67c926d1186546e04bf42bc8cd

SHA256
fce20ee5dde025cdede8ae4600f647e56312133655bc0c2ae6d36f2828896001

SHA512
1cc0cb7b14dd92a8688fa57ba10f870c309889b41a02cc4dc79406a6086a0935e5ba5f5eaf231f8a86dd022b66fca6e65cd6fe5d96e5ccbcc38f329e80d4f894

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe

Filesize
184KB

MD5
c4856553e1d741ffa3eaa6514f79e7d0

SHA1
05f8856c40d2500ea127c3007be1e297887f36ae

SHA256
a626e64221e4f8ef7d88024c49d0a7394aae4a8dae5e43b0209c6f8b0af3d954

SHA512
c3a737d8578118909853033728d6f239cd0abd1a9a7214262aaf17508fc40ce54bf8b941413c8a7550718114809de6d5c1ce974bc188f331067b6e177eab98a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe

Filesize
184KB

MD5
696592be17b2d1a77499fb89e04efdc1

SHA1
8486f4d041fba80f22ddb2128302fca03c5c84bb

SHA256
bc1256aed0836630ae5727840cdec5175362f214a19467c73cb4ac525b122cca

SHA512
3e7c37175cc6a857bc1be0deb514ae9476b4e2c331d20a8087a94d4c0583cc4bac67e222ef28600c6a3898c9ddddc69c91248fa4a9beb245cd545e793cb1e14f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe

Filesize
184KB

MD5
6eca940e245d7577b3a9f1b379339a12

SHA1
8c704e85c74525b8ff33c8e42976cc91ecc5fe7a

SHA256
471bd3843756598e90885cf6fa03b2d6a7337e55fdfe08f18c502ab889a356c4

SHA512
4ada5aaf3ef60d2399b160a4784093fd2b1f91bbc32e2cf810ec18a727ebc1bedcdc6efa9e03d7fc0036eac2d8b8b9deddf2ab30fc2278e28e1a4336d2ddf81d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26819.exe

Filesize
184KB

MD5
54eae4bba3b80f5ac86b9abfc732849d

SHA1
28832fc4535805d09b7fbb15c68450cd58827def

SHA256
74f05b98e2fd25412566ecb762a3e8e260b0c89a3edab517a80ace1cc280cd3a

SHA512
d535c32453a56c09409368aad650c1817a5a1877fa535d1245b72c1aa5affc6a4cf97d6fe33b1c58d3bb99e41d9cef184a12fe8a667dbee001a215537f4c4dae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28054.exe

Filesize
184KB

MD5
09089a2613cc104749737f1f6747b8ce

SHA1
9ee438aca1bb1e06713823b2f3982045706c13f7

SHA256
fff2a51a544f681b0b4a4021665c19e29f6a31aa5f01a5870be5bbafdc38122a

SHA512
b520c06d071619b40fc8a52660ee184ada593d742eb2e00045bf88da28bdb6cfdcbe61a939dff3a285a9e964e4cc78c14a224ab8caed612fc52c3a053d45064b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe

Filesize
184KB

MD5
67743c6b6240e0aae0a4709d10017b61

SHA1
cf3176bc94812a2dad957220ea760de92eebed4b

SHA256
bdc605e78b08831d3b04e12f6adccbf853035906e01730b7e40eb99259147b54

SHA512
778d8307a39691a39b358571c35f01a7ad81da251737dbd2e7b0d4269bf07dea7dda0b76158b49f68828e303ecfc679420f17cbf17a0b852769846377e05ad3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34486.exe

Filesize
184KB

MD5
30f63713d50556abf48578343833d12d

SHA1
897432644afb8ec06897e539e6476890fbc1f2d2

SHA256
0144af0ea13eae6159726836dc92cdf7609fddd28c266340760514498b006928

SHA512
369fc68bbd14c7a9da7709e28571e4474a9b9a85c937028d3f477afd5fb1a2abcee9a7282dffe20f749504efb71e6ed1eb9695b699e701e20f3e6b839b80fa42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe

Filesize
184KB

MD5
19f9463845a62fe6692a1fc4a5cbd6f3

SHA1
728056d5e1b62f78e24aae203dfd4b5666294279

SHA256
828a5ca787adb88a5aeb47acecf0059627e59f829c32990322c7b3400d829d1d

SHA512
420986b31f72d930ff884952c17d1fe327615af8277e8a680f483d5a4d641c8f6eb1dd14a6ddc6f94443df48c3abd1adcdee6623a9ac4f28942a0afc972e44b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe

Filesize
184KB

MD5
68b2dfa65ef67a1f410eee798e95932d

SHA1
3051f11517d7ad73a0389388888ad60f5926a4a4

SHA256
005214fae43962c9a57adbd56b46950622d38f08765bba43856def7e6309dfbb

SHA512
4aa564aaf789664572e565235a43578c7e1e9aad25ae7ca2029a4b894a997a0d4f57bff053bd176a5c3387336e446dda26f5b834238c3364516fa2eb79a0855b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43071.exe

Filesize
184KB

MD5
488fe18fccc00a84eb5dd806dacbf3a2

SHA1
3a7be5157e52b972c86366c01e6818b6076ae588

SHA256
8bab50564cff07d27a61d3879b3636681b0d6acde7734bbbf9c5a6804d974a2c

SHA512
9ec24e037250e2232006ff140f511dffce8e77fdd35f8c284c6f17bce376fac999d0d3bc39ec61730473250b321482d778391198f586795b4615dcb01789b016

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4437.exe

Filesize
184KB

MD5
07ecf8aaa796949e643aad7027007782

SHA1
e551730ed83e2b0e0a071ac3547e931239a163e2

SHA256
dd64c2446c61a02963825a46108050fc54af9c18f43ef82277323ff9e262ee6a

SHA512
cc0e2e8a1e9149eec6591dc6272715426603294c78b60151a5ac8f59181f771486a9798cf7278b986b2bb263baa3c1c1da7504da4bcd1ae56b76b2b6700f6dd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44470.exe

Filesize
184KB

MD5
31e7ed200a98e360fcd94985db19afc1

SHA1
c282fda056ec07738513bd90d8418ec3d5ff1c09

SHA256
f398930f50c7e45bff9144e48aff02876c2cb3943ed48714f3ffc6402b202c9e

SHA512
a3647709097a834d31bb66510df88386267aa885404d7d57051634fdbb6eb7374fe750036d847f9fcc6a19f7baed5fe60d57ad40cc642d47619451a51b251d10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe

Filesize
184KB

MD5
5f8968bc185177cd0cc5be740119d2c6

SHA1
96466bb92d309f3f157b108dfeba349ab7bfdf0e

SHA256
b23fc70e9d61b0072ef42c18d0372b3d7288d7e6dd4dee4fc32b4bcf22d155df

SHA512
27a0ce7e6e2ab1bfafd93f6c0aaa82fa1fd8085fc4c37d80ed9509ca51ffbedcea3defa420d16e7f134129ce51f953875b2c0053595718d3d368ae20bf40b303

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4901.exe

Filesize
184KB

MD5
aff1011a6b7b20a37864fce2962436cf

SHA1
a86b942e8d602848d5b70c184fac129800bcd277

SHA256
5655bd126621b26aeb51214c86e41b0c4f60de2af39dd60c39eecf2a1dfa19f6

SHA512
4b69556ce3810b33ed8a9afe80f06ba23e0187f272afd767c502acec9337d42b65fa63497dc811b83d936847db5dfb4ba9f3416c24f183fb0fd637e28f223577

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe

Filesize
184KB

MD5
38531ffc5daf2c4c9b34a5447c373bc6

SHA1
a438feb23e9f21b681dc47518a91d0243792b65a

SHA256
991b0c199ff2f8c91e1a2efcb41a181829befede17d8b608ed2ff2f62ca314e7

SHA512
820b7fa1e341a300e02696a537439a8956268ce1210daec0d10c623d190fe6cd51511a8e2c059be9dc2f4362dd4bb3043cc1cdfd30ca13fa4049984b11490fd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe

Filesize
184KB

MD5
01a1617a5eabc30d522e8a1b37c71975

SHA1
3ce0d9041e4f09618436af0449e49480e13caa1b

SHA256
06335d71dd10967cb3d257298609d99fcb0f8383f876998aae0b326a29e436bf

SHA512
1c0036355493a21d00917080f1f46be8f60480083cefabab506138b55e3eb8f1965522cd7c1cd8d5e9b32fe5cd3982ee6cf645ee2c155323d8b9b6513c3fcfc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49647.exe

Filesize
184KB

MD5
a773482f9504cf1087fed583c8daf49c

SHA1
959876d1697c9ed0b165f28c6f7062f4a30ab6d7

SHA256
f91fbef64721d564560270c1f70e8743a8e1670e0185137b618669bbdea85eff

SHA512
03c7a8748e786066752fd5b5c28b34d95f0b8069a6b5928b05f14ac10569cd50dfbf55d037c8675d675d7e61cea7f288b905306b64c5e9a0f9b3e1db8b511004

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50109.exe

Filesize
184KB

MD5
9f69634d2ad9eebc88439fc7677845bc

SHA1
548b8daf4a01d76008c806a05a23ac9f25dfe4fd

SHA256
7d20677e1a8f6ca2937a2b3b1d1b80cb623fc928cf58de5578fa92d12e53fe5a

SHA512
edc23dd05ed01360b106256aa0d737da5ef22853e714f91c92b3e6d846a1dc272a3c5e1c7d20b931bcb41173a0edebf69edb2f79871dd73cb54ea9f9e70df336

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50493.exe

Filesize
184KB

MD5
e6fb6cd0e424fa5f716bc3b9b58110bb

SHA1
2c25c170556504a041b93d9f70463eb7bed34e2e

SHA256
2712dce58fa3fa533efb1ed07393c01d3cc1c8422cc98ec1659ff53333c5ba6d

SHA512
aedf4a2cc1ba62f59831b8bf38d155341687b79ddcb0c39bd204db521147872a763c8a6ff1b2377872774d2afbe9103c64dedd2f69f7797d594152b814832a9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe

Filesize
184KB

MD5
2cc7ddee87f301c061953b20b69466e3

SHA1
0dcc269dcfce4d01267a03f480bd8093fafd259d

SHA256
dc97ec406779e953d54bebfe54fb304f271d85a1075ca6df739563d276c56020

SHA512
d22d708c5f30920e8d42836f3437ce00b575b65f2545acfd9a4765bc80bea7e6170524be0577cdbcd593295dd09aa61645536cf32da5ef6303c632b312aa3d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe

Filesize
184KB

MD5
34374aa75ab6a361d1b9eb45b67d0b51

SHA1
16564c1db2feae22cf0e709af40f1df3f5e1de49

SHA256
def7616115c17ba7421900e10fbedf09cd4c5b2dc7ab93a2d8caf7979fc83f4e

SHA512
31a318ceb0f9eff6f6b65eaa24fca3bc28f86fd2aca7e4371a08656620cb19a5207db46fac37166b9ff2ac3e0fadc57119a5dd4c705d659c561d7b8804c288c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53638.exe

Filesize
184KB

MD5
65fe8a9f416b45a921b567e7845439a9

SHA1
7165f1fad772e99f7affe42fb056673ec737e1f6

SHA256
41cde54d38663fa13f2f0d99cd505b7857fa69726b4658be635baf7de7128860

SHA512
ccdfe7464c0030fcb8a4d065e8172d33b65905b07a20dc88e6812b4df9d840254b78ff98d6bb511c77e5ba8cae001183f449da09e3f59fd398d3fc76656cac36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe

Filesize
184KB

MD5
58aca9687945bd8269f73df2f19e9ee6

SHA1
1de8f0f4011d36d4e70806140909c77481907d94

SHA256
ab61137281cbccea69e49da3600793d3a54b392968abc8f8b70fe4a8b9c2ad81

SHA512
6835da595df06be55374cb77bbf2ff31596460e697c445b9f20156e49840d4f32dfb53ec307348381a3d71932bff07788a3158636df36fc48a4049acc6ff00b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe

Filesize
184KB

MD5
c48a1141f910c4ea606b0274f7eb83ba

SHA1
da3ee3bef0210bfa75b0f7d0f50242274ba9d5fb

SHA256
faac50cd0f17b1fe172b8da6f518631e40711e1e0ca5af19575ca8dc32cdbfaf

SHA512
24b473148117c18ab2abd4ac3b71d8da731a5b64939dbd2cec01b8a04c2d8fe9d300db3f3f79b41aa0b048998f3b24481f51cd456f8aebef3beea8d9f3a42344

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63951.exe

Filesize
184KB

MD5
858c4d5b9b238261cf762a7d44eb6ed6

SHA1
7a18be346f1943b439f9b468bd5ba2f7525e4f07

SHA256
606ef43b0cdfb0e54fa82d005ae23529cb0a4f60544aa6f4f6b18dd0a3580c01

SHA512
ade9ea4613139452ea52a62d6ec409d36846d9e35e06471deeb125f66f37e81cf11413e3c97c150cd3a8b1748912063c0cbc7096a342af30d44cc935a556fa98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64086.exe

Filesize
184KB

MD5
133ce6e0ec823226400e6818863eca25

SHA1
1308335badbd6a5c0985ec71bc7f4f31cfce4a5c

SHA256
ce21eee99c2652cf029f77dc1087ea95c7458794ceff843b30f53a3fa827eaf8

SHA512
eb674618b69c001e160e8090323e8dbe437abbd9ab45354137e11e3c9fb5a3d91c9027d4708e3c228e66d79e034c749de0de427f83343e277038d5a83fcd0ffd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe

Filesize
184KB

MD5
97cd7e00a4f71b1312f58a22e1914354

SHA1
2f637cbdb56177f9a83f948f9c0e75577c7d6e77

SHA256
2d5d27129355add4d099ef8c8219368f786a7ea7dce8c9a7a7d99527d82c1258

SHA512
21559b6ccaabee9f84a436df1a050907b03615d84ba663f1152cdd77b596252fca6a103d3f29b42eb73901a0b122a0302376bb8130f43b3d5a8ba3404c84fca1

Download Submit
memory/4300-3789-0x0000000074EA0000-0x0000000074F36000-memory.dmp

Filesize
600KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads