e47af38b3e95b424e1f338c54a50fd4a42df469829b73f694f14376c54e22d42

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 05:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ee4f966288dfd2570bf1eb3159b0f60N.exe
Size

184KB
MD5

2ee4f966288dfd2570bf1eb3159b0f60
SHA1

020e182be1182f771224b27335c732852eb9edc5
SHA256

e47af38b3e95b424e1f338c54a50fd4a42df469829b73f694f14376c54e22d42
SHA512

bcd041002c7ee770c19ef0852121b76a50701b2aefc70999cd097487a1ed92938beb66fc5bd4d9d97bda758d04c554d6b5051177965b091d73d6253a7e429758
SSDEEP

3072:Vpn/m7oOpkQVCdzxTs/b5F1XulvDqnviu:VpmoQuzx85XXul7qnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1952	Unicorn-19120.exe
1424	Unicorn-7718.exe
3248	Unicorn-27584.exe
5072	Unicorn-37008.exe
5004	Unicorn-33478.exe
2124	Unicorn-20288.exe
4616	Unicorn-22325.exe
1376	Unicorn-64304.exe
3128	Unicorn-3406.exe
3696	Unicorn-47968.exe
1624	Unicorn-57982.exe
2256	Unicorn-14911.exe
3932	Unicorn-11574.exe
4880	Unicorn-39608.exe
3824	Unicorn-62887.exe
3928	Unicorn-14439.exe
3504	Unicorn-22608.exe
3164	Unicorn-24645.exe
5080	Unicorn-3318.exe
2292	Unicorn-46463.exe
1924	Unicorn-17128.exe
884	Unicorn-25488.exe
2948	Unicorn-33656.exe
4260	Unicorn-599.exe
1932	Unicorn-334.exe
4764	Unicorn-599.exe
2032	Unicorn-8005.exe
2864	Unicorn-10805.exe
1224	Unicorn-13598.exe
2888	Unicorn-62607.exe
3876	Unicorn-27216.exe
1844	Unicorn-23686.exe
2264	Unicorn-9159.exe
2532	Unicorn-16870.exe
2692	Unicorn-17136.exe
4376	Unicorn-41640.exe
4548	Unicorn-21774.exe
1616	Unicorn-60206.exe
4940	Unicorn-8199.exe
3388	Unicorn-60014.exe
4032	Unicorn-52112.exe
4840	Unicorn-2911.exe
3828	Unicorn-15526.exe
1244	Unicorn-15526.exe
4440	Unicorn-26264.exe
1252	Unicorn-1494.exe
1440	Unicorn-1567.exe
2956	Unicorn-26648.exe
3084	Unicorn-6782.exe
5008	Unicorn-39646.exe
1728	Unicorn-2143.exe
764	Unicorn-20325.exe
1572	Unicorn-34624.exe
1072	Unicorn-51152.exe
2820	Unicorn-34624.exe
4000	Unicorn-58558.exe
4676	Unicorn-34624.exe
2568	Unicorn-534.exe
1144	Unicorn-14269.exe
3256	Unicorn-42022.exe
1776	Unicorn-36160.exe
1036	Unicorn-44328.exe
3564	Unicorn-40990.exe
2896	Unicorn-54726.exe

Program crash 14 IoCs

pid	pid_target	Process	procid_target
3804	1376	WerFault.exe	92
4948	4260	WerFault.exe	111
3012	4764	WerFault.exe	113
5868	2956	WerFault.exe	135
5840	1072	WerFault.exe	143
7844	4064	WerFault.exe	187
9048	1612	WerFault.exe	189
8720	5764	WerFault.exe	252
9716	5736	WerFault.exe	251
9736	3308	WerFault.exe	250
10712	6996	WerFault.exe	299
14980	6380	WerFault.exe	269
15060	6340	WerFault.exe	267
17344	7868	WerFault.exe	331

Checks SCSI registry key(s) 3 TTPs 10 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4884	dwm.exe
Token: SeChangeNotifyPrivilege	4884	dwm.exe
Token: 33	4884	dwm.exe
Token: SeIncBasePriorityPrivilege	4884	dwm.exe
Token: SeCreateGlobalPrivilege	12812	Process not Found
Token: SeChangeNotifyPrivilege	12812	Process not Found
Token: 33	12812	Process not Found
Token: SeIncBasePriorityPrivilege	12812	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3728	2ee4f966288dfd2570bf1eb3159b0f60N.exe
1952	Unicorn-19120.exe
3248	Unicorn-27584.exe
1424	Unicorn-7718.exe
5072	Unicorn-37008.exe
5004	Unicorn-33478.exe
2124	Unicorn-20288.exe
4616	Unicorn-22325.exe
1376	Unicorn-64304.exe
3128	Unicorn-3406.exe
3696	Unicorn-47968.exe
1624	Unicorn-57982.exe
4880	Unicorn-39608.exe
3932	Unicorn-11574.exe
2256	Unicorn-14911.exe
3824	Unicorn-62887.exe
3928	Unicorn-14439.exe
3504	Unicorn-22608.exe
3164	Unicorn-24645.exe
5080	Unicorn-3318.exe
2292	Unicorn-46463.exe
884	Unicorn-25488.exe
1924	Unicorn-17128.exe
2864	Unicorn-10805.exe
2948	Unicorn-33656.exe
4764	Unicorn-599.exe
4260	Unicorn-599.exe
1932	Unicorn-334.exe
2032	Unicorn-8005.exe
1224	Unicorn-13598.exe
2888	Unicorn-62607.exe
3876	Unicorn-27216.exe
1844	Unicorn-23686.exe
2264	Unicorn-9159.exe
2532	Unicorn-16870.exe
2692	Unicorn-17136.exe
4376	Unicorn-41640.exe
4548	Unicorn-21774.exe
1616	Unicorn-60206.exe
4940	Unicorn-8199.exe
3388	Unicorn-60014.exe
4032	Unicorn-52112.exe
4840	Unicorn-2911.exe
1244	Unicorn-15526.exe
3828	Unicorn-15526.exe
4440	Unicorn-26264.exe
1252	Unicorn-1494.exe
1440	Unicorn-1567.exe
2956	Unicorn-26648.exe
3084	Unicorn-6782.exe
764	Unicorn-20325.exe
1728	Unicorn-2143.exe
5008	Unicorn-39646.exe
1572	Unicorn-34624.exe
2568	Unicorn-534.exe
3256	Unicorn-42022.exe
4000	Unicorn-58558.exe
4676	Unicorn-34624.exe
1072	Unicorn-51152.exe
2820	Unicorn-34624.exe
1144	Unicorn-14269.exe
1776	Unicorn-36160.exe
1036	Unicorn-44328.exe
3564	Unicorn-40990.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3728 wrote to memory of 1952	3728	2ee4f966288dfd2570bf1eb3159b0f60N.exe	85
PID 3728 wrote to memory of 1952	3728	2ee4f966288dfd2570bf1eb3159b0f60N.exe	85
PID 3728 wrote to memory of 1952	3728	2ee4f966288dfd2570bf1eb3159b0f60N.exe	85
PID 1952 wrote to memory of 3248	1952	Unicorn-19120.exe	86
PID 1952 wrote to memory of 3248	1952	Unicorn-19120.exe	86
PID 1952 wrote to memory of 3248	1952	Unicorn-19120.exe	86
PID 3728 wrote to memory of 1424	3728	2ee4f966288dfd2570bf1eb3159b0f60N.exe	87
PID 3728 wrote to memory of 1424	3728	2ee4f966288dfd2570bf1eb3159b0f60N.exe	87
PID 3728 wrote to memory of 1424	3728	2ee4f966288dfd2570bf1eb3159b0f60N.exe	87
PID 3248 wrote to memory of 5072	3248	Unicorn-27584.exe	88
PID 3248 wrote to memory of 5072	3248	Unicorn-27584.exe	88
PID 3248 wrote to memory of 5072	3248	Unicorn-27584.exe	88
PID 1952 wrote to memory of 5004	1952	Unicorn-19120.exe	89
PID 1952 wrote to memory of 5004	1952	Unicorn-19120.exe	89
PID 1952 wrote to memory of 5004	1952	Unicorn-19120.exe	89
PID 1424 wrote to memory of 2124	1424	Unicorn-7718.exe	90
PID 1424 wrote to memory of 2124	1424	Unicorn-7718.exe	90
PID 1424 wrote to memory of 2124	1424	Unicorn-7718.exe	90
PID 3728 wrote to memory of 4616	3728	2ee4f966288dfd2570bf1eb3159b0f60N.exe	91
PID 3728 wrote to memory of 4616	3728	2ee4f966288dfd2570bf1eb3159b0f60N.exe	91
PID 3728 wrote to memory of 4616	3728	2ee4f966288dfd2570bf1eb3159b0f60N.exe	91
PID 5072 wrote to memory of 1376	5072	Unicorn-37008.exe	92
PID 5072 wrote to memory of 1376	5072	Unicorn-37008.exe	92
PID 5072 wrote to memory of 1376	5072	Unicorn-37008.exe	92
PID 3248 wrote to memory of 3128	3248	Unicorn-27584.exe	93
PID 3248 wrote to memory of 3128	3248	Unicorn-27584.exe	93
PID 3248 wrote to memory of 3128	3248	Unicorn-27584.exe	93
PID 5004 wrote to memory of 3696	5004	Unicorn-33478.exe	95
PID 5004 wrote to memory of 3696	5004	Unicorn-33478.exe	95
PID 5004 wrote to memory of 3696	5004	Unicorn-33478.exe	95
PID 2124 wrote to memory of 2256	2124	Unicorn-20288.exe	98
PID 2124 wrote to memory of 2256	2124	Unicorn-20288.exe	98
PID 2124 wrote to memory of 2256	2124	Unicorn-20288.exe	98
PID 1952 wrote to memory of 1624	1952	Unicorn-19120.exe	97
PID 1952 wrote to memory of 1624	1952	Unicorn-19120.exe	97
PID 1952 wrote to memory of 1624	1952	Unicorn-19120.exe	97
PID 1424 wrote to memory of 3932	1424	Unicorn-7718.exe	99
PID 1424 wrote to memory of 3932	1424	Unicorn-7718.exe	99
PID 1424 wrote to memory of 3932	1424	Unicorn-7718.exe	99
PID 4616 wrote to memory of 4880	4616	Unicorn-22325.exe	100
PID 4616 wrote to memory of 4880	4616	Unicorn-22325.exe	100
PID 4616 wrote to memory of 4880	4616	Unicorn-22325.exe	100
PID 3728 wrote to memory of 3824	3728	2ee4f966288dfd2570bf1eb3159b0f60N.exe	101
PID 3728 wrote to memory of 3824	3728	2ee4f966288dfd2570bf1eb3159b0f60N.exe	101
PID 3728 wrote to memory of 3824	3728	2ee4f966288dfd2570bf1eb3159b0f60N.exe	101
PID 3128 wrote to memory of 3928	3128	Unicorn-3406.exe	103
PID 3128 wrote to memory of 3928	3128	Unicorn-3406.exe	103
PID 3128 wrote to memory of 3928	3128	Unicorn-3406.exe	103
PID 3696 wrote to memory of 3504	3696	Unicorn-47968.exe	104
PID 3696 wrote to memory of 3504	3696	Unicorn-47968.exe	104
PID 3696 wrote to memory of 3504	3696	Unicorn-47968.exe	104
PID 3248 wrote to memory of 3164	3248	Unicorn-27584.exe	105
PID 3248 wrote to memory of 3164	3248	Unicorn-27584.exe	105
PID 3248 wrote to memory of 3164	3248	Unicorn-27584.exe	105
PID 5004 wrote to memory of 5080	5004	Unicorn-33478.exe	106
PID 5004 wrote to memory of 5080	5004	Unicorn-33478.exe	106
PID 5004 wrote to memory of 5080	5004	Unicorn-33478.exe	106
PID 5072 wrote to memory of 2292	5072	Unicorn-37008.exe	107
PID 5072 wrote to memory of 2292	5072	Unicorn-37008.exe	107
PID 5072 wrote to memory of 2292	5072	Unicorn-37008.exe	107
PID 1624 wrote to memory of 1924	1624	Unicorn-57982.exe	108
PID 1624 wrote to memory of 1924	1624	Unicorn-57982.exe	108
PID 1624 wrote to memory of 1924	1624	Unicorn-57982.exe	108
PID 2256 wrote to memory of 884	2256	Unicorn-14911.exe	109

C:\Users\Admin\AppData\Local\Temp\2ee4f966288dfd2570bf1eb3159b0f60N.exe
"C:\Users\Admin\AppData\Local\Temp\2ee4f966288dfd2570bf1eb3159b0f60N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19120.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19120.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27584.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 468
        6⤵
        Program crash
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46463.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8199.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27328.exe
        7⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14167.exe
        8⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51879.exe
        9⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        9⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
        9⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        9⤵
        
        PID:18372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
        9⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3062.exe
        8⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        8⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
        8⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        8⤵
        
        PID:18336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        8⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        7⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56008.exe
        8⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe
        8⤵
        
        PID:15852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50953.exe
        8⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19117.exe
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        7⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
        7⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32158.exe
        6⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31272.exe
        7⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        8⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-695.exe
        9⤵
        
        PID:17168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31160.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
        8⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
        8⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
        8⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10550.exe
        7⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
        8⤵
        
        PID:16060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48866.exe
        8⤵
        
        PID:18388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53439.exe
        7⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53726.exe
        7⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
        7⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        7⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
        7⤵
        
        PID:13480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        7⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
        6⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21726.exe
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
        6⤵
        
        PID:17576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60192.exe
        6⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14167.exe
        7⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        8⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
        8⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
        8⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        8⤵
        
        PID:18364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25368.exe
        8⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-374.exe
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
        7⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        7⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        7⤵
        
        PID:17944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25752.exe
        7⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
        6⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19117.exe
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        6⤵
        
        PID:12488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
        6⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        5⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30504.exe
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        7⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        8⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60295.exe
        8⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        8⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
        7⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
        7⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        7⤵
        
        PID:18328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        7⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35158.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        6⤵
        
        PID:15172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        6⤵
        
        PID:17984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
        5⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        6⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32454.exe
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        5⤵
        
        PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8621.exe
        5⤵
        
        PID:15808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
        5⤵
        
        PID:13772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3406.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14439.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36160.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
        8⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48672.exe
        9⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
        9⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
        9⤵
        
        PID:12344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40015.exe
        9⤵
        
        PID:16460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
        9⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30446.exe
        8⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63222.exe
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        8⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        8⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45423.exe
        7⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
        8⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        8⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24237.exe
        8⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        8⤵
        
        PID:18404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
        7⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
        7⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50602.exe
        7⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40990.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64224.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24360.exe
        8⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        8⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        8⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
        8⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
        7⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        8⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
        8⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        8⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
        7⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38847.exe
        7⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        7⤵
        
        PID:16408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13391.exe
        7⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        7⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        7⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        7⤵
        
        PID:17560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        7⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36799.exe
        6⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53710.exe
        6⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        6⤵
        
        PID:15396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37067.exe
        6⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23686.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23192.exe
        7⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
        8⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
        9⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38054.exe
        8⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        8⤵
        
        PID:13956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47022.exe
        8⤵
        
        PID:17348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
        7⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        7⤵
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
        7⤵
        
        PID:16672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        7⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12543.exe
        7⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        8⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        8⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57310.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56272.exe
        8⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54591.exe
        7⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        7⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe
        7⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
        6⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
        7⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        7⤵
        
        PID:17052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11839.exe
        7⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34607.exe
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        6⤵
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        6⤵
        
        PID:18024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
        6⤵
        
        PID:18312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
        5⤵
        Executes dropped EXE
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39632.exe
        6⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43208.exe
        7⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45862.exe
        7⤵
        
        PID:14972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40786.exe
        7⤵
        
        PID:17752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45439.exe
        6⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        6⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
        6⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        6⤵
        
        PID:18292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59193.exe
        6⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31687.exe
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        6⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39318.exe
        6⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24829.exe
        6⤵
        
        PID:15896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
        6⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
        5⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56472.exe
        5⤵
        
        PID:15640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9159.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37888.exe
        6⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55776.exe
        7⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
        8⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        8⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43454.exe
        8⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        8⤵
        
        PID:16632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
        7⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45079.exe
        7⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21437.exe
        7⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
        7⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20014.exe
        7⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
        7⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        7⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
        6⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        6⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        6⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        5⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16280.exe
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        7⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
        7⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
        7⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        7⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49880.exe
        7⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59855.exe
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
        6⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        6⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        6⤵
        
        PID:17968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25821.exe
        5⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50151.exe
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63999.exe
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        5⤵
        
        PID:15448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16870.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        5⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
        6⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2071.exe
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        7⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
        7⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        7⤵
        
        PID:17224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13247.exe
        7⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47991.exe
        7⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4552.exe
        7⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
        6⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30968.exe
        6⤵
        
        PID:17764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        6⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23070.exe
        6⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        6⤵
        
        PID:14504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7861.exe
        5⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
        5⤵
        
        PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        5⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        5⤵
        
        PID:18040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
      4⤵
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14167.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29718.exe
        6⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19733.exe
        6⤵
        
        PID:16616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56510.exe
        5⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34727.exe
        5⤵
        
        PID:15500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
        5⤵
        
        PID:17656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64673.exe
        5⤵
        
        PID:8428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
      4⤵
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        5⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        6⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        6⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
        5⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        5⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-814.exe
        5⤵
        
        PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
      4⤵
      PID:7820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62310.exe
      4⤵
      PID:10304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
      4⤵
      PID:15236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10369.exe
      4⤵
      PID:18032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63272.exe
      4⤵
      PID:9856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47968.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22608.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62008.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14167.exe
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        9⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
        9⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
        9⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        8⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        8⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45287.exe
        8⤵
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        8⤵
        
        PID:18308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
        8⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        7⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
        8⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35966.exe
        8⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34149.exe
        8⤵
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58510.exe
        7⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
        7⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        7⤵
        
        PID:15460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51025.exe
        7⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26190.exe
        6⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55008.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
        8⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        9⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        9⤵
        
        PID:17040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        9⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
        8⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        8⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        8⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        7⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
        7⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exe
        7⤵
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42818.exe
        7⤵
        
        PID:18376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42158.exe
        6⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60992.exe
        7⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
        7⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
        7⤵
        
        PID:16444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
        6⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        6⤵
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
        6⤵
        
        PID:15068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48137.exe
        6⤵
        
        PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21774.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62584.exe
        6⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39632.exe
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7551.exe
        8⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        8⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24237.exe
        8⤵
        
        PID:14528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        8⤵
        
        PID:18420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
        8⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
        7⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
        7⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        7⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exe
        7⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48951.exe
        7⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        7⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        6⤵
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46902.exe
        6⤵
        
        PID:12340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22982.exe
        6⤵
        
        PID:16428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5053.exe
        5⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64136.exe
        6⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13887.exe
        7⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
        7⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
        7⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        7⤵
        
        PID:17324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        6⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        6⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        6⤵
        
        PID:14124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50986.exe
        6⤵
        
        PID:7396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
        5⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13527.exe
        6⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
        6⤵
        
        PID:14856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20504.exe
        6⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
        5⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33718.exe
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
        5⤵
        
        PID:15844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
        5⤵
        
        PID:18372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41640.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        6⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
        8⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65271.exe
        8⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
        7⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
        7⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12605.exe
        7⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
        7⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20014.exe
        7⤵
        
        PID:13100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
        7⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        7⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
        6⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        6⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
        6⤵
        
        PID:17388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65023.exe
        5⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        6⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        7⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
        7⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13853.exe
        7⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        7⤵
        
        PID:16848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
        6⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
        6⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        6⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        6⤵
        
        PID:17992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
        6⤵
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1125.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        6⤵
        
        PID:12332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43855.exe
        6⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe
        6⤵
        
        PID:9704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4229.exe
        5⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38254.exe
        5⤵
        
        PID:16280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60206.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
        5⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6191.exe
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
        7⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
        7⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-814.exe
        7⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
        6⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        6⤵
        
        PID:11512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
        6⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        6⤵
        
        PID:18344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7304.exe
        6⤵
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        5⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24296.exe
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58655.exe
        6⤵
        
        PID:15788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
        6⤵
        
        PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43622.exe
        5⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58919.exe
        5⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        5⤵
        
        PID:15876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
      4⤵
      PID:220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6191.exe
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        6⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24030.exe
        6⤵
        
        PID:10232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38358.exe
        6⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        6⤵
        
        PID:16840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
        6⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        5⤵
        
        PID:8100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5198.exe
        5⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
        5⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
        5⤵
        
        PID:8764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14661.exe
      4⤵
      PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62640.exe
        5⤵
        
        PID:12180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
        5⤵
        
        PID:15424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        5⤵
        
        PID:17804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
        5⤵
        
        PID:18300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65023.exe
      4⤵
      PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
      4⤵
      PID:12296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33789.exe
      4⤵
      PID:16288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57982.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52112.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43664.exe
        6⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        7⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        8⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55742.exe
        8⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
        8⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        8⤵
        
        PID:18320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33536.exe
        8⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        7⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
        7⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        7⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        7⤵
        
        PID:17960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17200.exe
        7⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45911.exe
        6⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        7⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        7⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8197.exe
        7⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
        7⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25645.exe
        6⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53543.exe
        6⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        6⤵
        
        PID:15384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        6⤵
        
        PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        5⤵
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        7⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2894.exe
        7⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
        7⤵
        
        PID:15076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        6⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56039.exe
        6⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
        6⤵
        
        PID:15060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
        6⤵
        
        PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26975.exe
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        6⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54903.exe
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        6⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56272.exe
        6⤵
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
        5⤵
        
        PID:9944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21622.exe
        5⤵
        
        PID:12880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
        5⤵
        
        PID:16524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29440.exe
        5⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32808.exe
        6⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58112.exe
        7⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63247.exe
        7⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        7⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17896.exe
        7⤵
        
        PID:18252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1053.exe
        6⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        6⤵
        
        PID:12936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
        6⤵
        
        PID:15340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
        6⤵
        
        PID:18028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
        5⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
        6⤵
        
        PID:12916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
        6⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
        6⤵
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        5⤵
        
        PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22157.exe
      4⤵
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        5⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        6⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16355.exe
        7⤵
        
        PID:17696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        6⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
        6⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        6⤵
        
        PID:17296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2870.exe
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        5⤵
        
        PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
        5⤵
        
        PID:14652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        5⤵
        
        PID:18300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49872.exe
        5⤵
        
        PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
      4⤵
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        5⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
        5⤵
        
        PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exe
        5⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
        5⤵
        
        PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
      4⤵
      PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30088.exe
        5⤵
        
        PID:15600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30968.exe
        5⤵
        
        PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1238.exe
      4⤵
      PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
      4⤵
      PID:15164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
      4⤵
      PID:18016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34624.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2470.exe
        5⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        6⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        7⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        7⤵
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5896.exe
        7⤵
        
        PID:17856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
        6⤵
        
        PID:11088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51342.exe
        6⤵
        
        PID:14672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        6⤵
        
        PID:16508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8053.exe
        5⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34607.exe
        5⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        5⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51522.exe
        5⤵
        
        PID:18220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        5⤵
        
        PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17846.exe
      4⤵
      PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        5⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
        5⤵
        
        PID:11164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
        5⤵
        
        PID:14616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        5⤵
        
        PID:16736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18121.exe
        5⤵
        
        PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53974.exe
      4⤵
      PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
        5⤵
        
        PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31352.exe
        5⤵
        
        PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
      4⤵
      PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
      4⤵
      PID:13800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51392.exe
      4⤵
      PID:16912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
      4⤵
      PID:6656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46736.exe
      4⤵
      PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        5⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38054.exe
        5⤵
        
        PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        5⤵
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47022.exe
        5⤵
        
        PID:17356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4494.exe
      4⤵
      PID:6896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3750.exe
      4⤵
      PID:10940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34981.exe
      4⤵
      PID:14140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
      4⤵
      PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26482.exe
      4⤵
      PID:1268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
    3⤵
    PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9663.exe
      4⤵
      PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
      4⤵
      PID:9108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27501.exe
      4⤵
      PID:13644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
      4⤵
      PID:17068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50952.exe
    3⤵
    PID:7144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-509.exe
    3⤵
    PID:10524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
    3⤵
    PID:14932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9793.exe
    3⤵
    PID:17664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7718.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7718.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20288.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25488.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43664.exe
        7⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57120.exe
        8⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62128.exe
        9⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        9⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13469.exe
        9⤵
        
        PID:13872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        9⤵
        
        PID:16748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        9⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8733.exe
        8⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
        8⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        8⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
        8⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52927.exe
        7⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
        8⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65271.exe
        8⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        8⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
        7⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
        7⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5397.exe
        7⤵
        
        PID:16156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
        7⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
        6⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        7⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        8⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        7⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
        7⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
        7⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
        7⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42158.exe
        6⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
        7⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        7⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
        7⤵
        
        PID:15512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        7⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
        6⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        6⤵
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41496.exe
        6⤵
        
        PID:16876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
        6⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33192.exe
        7⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        8⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        8⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57502.exe
        8⤵
        
        PID:16104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64440.exe
        8⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        7⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-677.exe
        7⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12718.exe
        7⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25752.exe
        7⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
        6⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60535.exe
        6⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51392.exe
        6⤵
        
        PID:16760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26606.exe
        6⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
        5⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7255.exe
        6⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        6⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35765.exe
        6⤵
        
        PID:15884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
        6⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40815.exe
        5⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        6⤵
        
        PID:12780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        6⤵
        
        PID:16536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13646.exe
        5⤵
        
        PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
        5⤵
        
        PID:16452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34624.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54670.exe
        7⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
        7⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        7⤵
        
        PID:16688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61863.exe
        6⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
        7⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59999.exe
        7⤵
        
        PID:16136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
        7⤵
        
        PID:18204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        7⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        6⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe
        6⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35271.exe
        6⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40958.exe
        6⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        5⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        6⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11670.exe
        6⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
        6⤵
        
        PID:8324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42934.exe
        5⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8166.exe
        5⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
        5⤵
        
        PID:16664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
        5⤵
        
        PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
        5⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3927.exe
        7⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        7⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35001.exe
        7⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        6⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14062.exe
        6⤵
        
        PID:16124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34528.exe
        6⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46255.exe
        6⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
        5⤵
        
        PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28053.exe
        5⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
        5⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        5⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
        5⤵
        
        PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56559.exe
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        5⤵
        
        PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
        5⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
        5⤵
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        5⤵
        
        PID:16712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
      4⤵
      PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15936.exe
        5⤵
        
        PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58655.exe
        5⤵
        
        PID:15768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10112.exe
        5⤵
        
        PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49943.exe
      4⤵
      PID:9876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
      4⤵
      PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
      4⤵
      PID:16436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11574.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
        6⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57800.exe
        7⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63024.exe
        8⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 652
        8⤵
        Program crash
        
        PID:15060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 660
        7⤵
        Program crash
        
        PID:9048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 716
        6⤵
        Program crash
        
        PID:5840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 708
        5⤵
        Program crash
        
        PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-534.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2470.exe
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25478.exe
        6⤵
        
        PID:11600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24237.exe
        6⤵
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        6⤵
        
        PID:18412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
        6⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        5⤵
        
        PID:13060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        5⤵
        
        PID:15440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24369.exe
        5⤵
        
        PID:7092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31581.exe
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32336.exe
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        6⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        6⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
        5⤵
        
        PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
        5⤵
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50862.exe
        5⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        5⤵
        
        PID:8852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59455.exe
      4⤵
      PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
      4⤵
      PID:10072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
      4⤵
      PID:12124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
      4⤵
      PID:16488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
      4⤵
      PID:7500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26264.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21272.exe
        5⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41168.exe
        6⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49544.exe
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        7⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        7⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exe
        7⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exe
        7⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34286.exe
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45166.exe
        6⤵
        
        PID:10820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
        6⤵
        
        PID:13864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50862.exe
        6⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25752.exe
        6⤵
        
        PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        5⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
        6⤵
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24046.exe
        6⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        6⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
        5⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
        5⤵
        
        PID:13264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        5⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55000.exe
        5⤵
        
        PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
      4⤵
      PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40976.exe
        5⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13887.exe
        6⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        6⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
        6⤵
        
        PID:13496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        6⤵
        
        PID:17308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51495.exe
        5⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
        6⤵
        
        PID:10932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
        6⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        6⤵
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        6⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
        5⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        5⤵
        
        PID:15208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        5⤵
        
        PID:17976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
      4⤵
      PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
        5⤵
        
        PID:10920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
        5⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        5⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
        5⤵
        
        PID:7332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50151.exe
      4⤵
      PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
      4⤵
      PID:12828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
      4⤵
      PID:3936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21272.exe
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17048.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
        6⤵
        
        PID:10968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
        6⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        6⤵
        
        PID:18428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23839.exe
        6⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        5⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        5⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12718.exe
        5⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        5⤵
        
        PID:404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        5⤵
        
        PID:17872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62247.exe
      4⤵
      PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19117.exe
      4⤵
      PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
      4⤵
      PID:12552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
      4⤵
      PID:15608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
      4⤵
      PID:5664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
    3⤵
    PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26368.exe
      4⤵
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-565.exe
        5⤵
        
        PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56319.exe
        5⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
        5⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        5⤵
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
        5⤵
        
        PID:8772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
      4⤵
      PID:7452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
      4⤵
      PID:10036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
      4⤵
      PID:15256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
      4⤵
      PID:18168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64673.exe
      4⤵
      PID:18172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56647.exe
    3⤵
    PID:6416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
      4⤵
      PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
      4⤵
      PID:15620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
      4⤵
      PID:4036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47792.exe
    3⤵
    PID:9028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
    3⤵
    PID:13036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
    3⤵
    PID:14980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28128.exe
    3⤵
    PID:17992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39608.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39608.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1567.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61344.exe
        6⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57888.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
        8⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30368.exe
        9⤵
        
        PID:14852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 636
        9⤵
        Program crash
        
        PID:17344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 600
        8⤵
        Program crash
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2678.exe
        7⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        7⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        7⤵
        
        PID:18000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
        7⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29958.exe
        6⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3750.exe
        6⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        6⤵
        
        PID:14016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
        6⤵
        
        PID:16580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        5⤵
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49720.exe
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13887.exe
        7⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
        7⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        7⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        7⤵
        
        PID:17336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
        7⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8733.exe
        6⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1557.exe
        6⤵
        
        PID:15096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17737.exe
        6⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26973.exe
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
        6⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        6⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59121.exe
        6⤵
        
        PID:996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        5⤵
        
        PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36517.exe
        5⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
        5⤵
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18697.exe
        5⤵
        
        PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45200.exe
        5⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47.exe
        6⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 632
        7⤵
        Program crash
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
        6⤵
        
        PID:13684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50862.exe
        6⤵
        
        PID:17364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46255.exe
        6⤵
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54951.exe
        5⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38718.exe
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
        5⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        5⤵
        
        PID:16600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
      4⤵
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        6⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13853.exe
        6⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        6⤵
        
        PID:16892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        6⤵
        
        PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
        5⤵
        
        PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        5⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        5⤵
        
        PID:17952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5799.exe
        5⤵
        
        PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
      4⤵
      PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
        5⤵
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38006.exe
        5⤵
        
        PID:16512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
        5⤵
        
        PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
      4⤵
      PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
      4⤵
      PID:13560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
      4⤵
      PID:17372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2143.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
        5⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
        6⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        7⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        7⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        7⤵
        
        PID:17552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38054.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35566.exe
        6⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55007.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
        6⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
        5⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50824.exe
        6⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
        6⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        6⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
        5⤵
        
        PID:9996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        5⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40958.exe
        5⤵
        
        PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        5⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8143.exe
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        6⤵
        
        PID:13072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
        6⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65247.exe
        5⤵
        
        PID:9548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
        5⤵
        
        PID:13744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41551.exe
        5⤵
        
        PID:17204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42288.exe
        5⤵
        
        PID:8572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53606.exe
      4⤵
      PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
      4⤵
      PID:11112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
      4⤵
      PID:15192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
      4⤵
      PID:18052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20325.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46160.exe
      4⤵
      PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        6⤵
        
        PID:12200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 648
        6⤵
        Program crash
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        5⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        5⤵
        
        PID:12952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12822.exe
        5⤵
        
        PID:16232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2215.exe
        5⤵
        
        PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
        5⤵
        
        PID:16560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
      4⤵
      PID:9972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46823.exe
      4⤵
      PID:12864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
      4⤵
      PID:16480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41512.exe
      4⤵
      PID:7588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21494.exe
    3⤵
    PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
      4⤵
      PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
      4⤵
      PID:9460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
      4⤵
      PID:13740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
      4⤵
      PID:17232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
    3⤵
    PID:6364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
    3⤵
    PID:10772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
    3⤵
    PID:15216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
    3⤵
    PID:18008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62887.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62887.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47504.exe
        5⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57888.exe
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
        7⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 664
        7⤵
        Program crash
        
        PID:9716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 636
        6⤵
        Program crash
        
        PID:7844
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 724
        5⤵
        Program crash
        
        PID:5868
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 724
      4⤵
      Program crash
      PID:4948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56824.exe
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46207.exe
        5⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        6⤵
        
        PID:13092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
        6⤵
        
        PID:15548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exe
        6⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
        5⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
        5⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        5⤵
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        5⤵
        
        PID:10396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41198.exe
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        5⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58463.exe
        5⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        5⤵
        
        PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
      4⤵
      PID:10080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
      4⤵
      PID:13000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
      4⤵
      PID:16656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
      4⤵
      PID:1280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47918.exe
    3⤵
    PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
      4⤵
      PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20000.exe
        5⤵
        
        PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
      4⤵
      PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
      4⤵
      PID:13448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
      4⤵
      PID:17184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
      4⤵
      PID:8432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5454.exe
    3⤵
    PID:7900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35925.exe
    3⤵
    PID:11004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32774.exe
    3⤵
    PID:13580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58216.exe
    3⤵
    PID:3836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34624.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55480.exe
      4⤵
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-519.exe
        5⤵
        
        PID:5764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 632
        6⤵
        Program crash
        
        PID:8720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        5⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
        5⤵
        
        PID:12248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        5⤵
        
        PID:15832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50449.exe
        5⤵
        
        PID:8320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20638.exe
      4⤵
      PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
      4⤵
      PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37190.exe
      4⤵
      PID:14344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
      4⤵
      PID:18380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58318.exe
      4⤵
      PID:6468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
    3⤵
    PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
      4⤵
      PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
        5⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        5⤵
        
        PID:15984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
        5⤵
        
        PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53327.exe
      4⤵
      PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
      4⤵
      PID:12580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
      4⤵
      PID:15664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
      4⤵
      PID:8612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
    3⤵
    PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22760.exe
      4⤵
      PID:12068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64903.exe
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
      4⤵
      PID:18344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
    3⤵
    PID:10736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
    3⤵
    PID:14468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58216.exe
    3⤵
    PID:17164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42022.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42022.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
    3⤵
    PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
      4⤵
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        5⤵
        
        PID:13428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39926.exe
        5⤵
        
        PID:17400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10758.exe
      4⤵
      PID:8416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
      4⤵
      PID:11996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14062.exe
      4⤵
      PID:16116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
      4⤵
      PID:18336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
    3⤵
    PID:1580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51599.exe
    3⤵
    PID:9396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
    3⤵
    PID:13568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
    3⤵
    PID:16980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
  2⤵
  PID:5468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57520.exe
    3⤵
    PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
      4⤵
      PID:12228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
      4⤵
      PID:15232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
      4⤵
      PID:7328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
    3⤵
    PID:10236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33173.exe
    3⤵
    PID:13384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
    3⤵
    PID:16624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32197.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32197.exe
  2⤵
  PID:8040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34286.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34286.exe
  2⤵
  PID:10652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
  2⤵
  PID:3288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
  2⤵
  PID:16768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1376 -ip 1376
1⤵
PID:1072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4260 -ip 4260
1⤵
PID:2624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4764 -ip 4764
1⤵
PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2956 -ip 2956
1⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1072 -ip 1072
1⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4064 -ip 4064
1⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1612 -ip 1612
1⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5764 -ip 5764
1⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5736 -ip 5736
1⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3308 -ip 3308
1⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6996 -ip 6996
1⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 6380 -ip 6380
1⤵
PID:14912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6340 -ip 6340
1⤵
PID:15028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 7868 -ip 7868
1⤵
PID:17188

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe

Filesize
184KB

MD5
e90db2a851e75f1972b447389d9f622b

SHA1
7c69270c2a6f14fb71436052650f40b69370cc0d

SHA256
8754b1f0ae8922316f1579360d0f0724aa9ba14c21a84267ffd11ce413804d60

SHA512
8f598286b4adf52ae70cbef1ada641e615d40773083bc3ac64de804e14ca9c08d60adcb051c84101e36b9b22e273884c543a753ae0626dd09d08b1b422de8468

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11574.exe

Filesize
184KB

MD5
60af7f8b2f5b2dcb0db027a1a3da44c6

SHA1
3de9e7984acc846731f38b29ec36aa5b20c31741

SHA256
eed7293569dcd4099f084d8bc442cde299aa152f26a590eb51700482f5474bb9

SHA512
2a97249055d2e2658b2b6da55b5d209142e41ea0d9b0b1c951359b0d72eba98265e20660609e0ef7c781b105c49fae05d6afa98201dc58fc63110dbc2e7b575d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13598.exe

Filesize
184KB

MD5
fad7f4fc47740c33e39a346d40d48d03

SHA1
1347f08d26ac128baee14ba8cdea6f03556ebc3a

SHA256
78c726140b2ddff53989d1c3c50e26255abbc4502187f627d0ce57e1bab414b0

SHA512
c5f2e2921067de9670a18d2fffe64623fc9244967b02f543c5a997be13de2674d29bd0cc86b3d05597538d346aecdd1abcccf971d7ca63c78f231350ddeb82dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14439.exe

Filesize
184KB

MD5
21cf8c82ba71f92c45545008f758460e

SHA1
f331d4695384b26bbf4bd8edf56b5c1b7bbf942f

SHA256
6cd936b64304cd4efd10b0b519ad7c1ca776aeb1f206f520d98ac1e3ef031390

SHA512
ea431bcfbcc11c097510846141c6e81579ea2e33c52a31b34aa82f61e7e79d9b01fb67965ba30bd71bee2c9377619c6fd556123188a6586f45711d97afe5a850

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe

Filesize
184KB

MD5
9577a8cd886170df43d2d0e358e00fd3

SHA1
9fe0054e994a33063b80879109536c093caad7a6

SHA256
40f401d6457d2c06d47c8f92f3de428a9dcbb67d97a0a362d2701f60aa2a5361

SHA512
90c76aa7034c3c09acc949d5bf7f7eee40fbe8432dea49ad22a48b894668d3c2d00db30c13f91f3d5a208705661378bae1e2e9268389f1bd208dafdfff0236c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe

Filesize
184KB

MD5
55f7d2bc7ae706f156f7a5c015ff477a

SHA1
790b01386af458dfe1eb1837effd8ee08b820d14

SHA256
14e2c75c3429cb1fdcbab728c097e6929cf6dea4afcae8fcae0ea9622e681539

SHA512
5c2f5aa84a8e69b13cd460549c4690627c9a83fd4bf0c06dada528c049efbdba943b1c753e5128ccbfe4a6167a0847c50969362147b3db9c9c37d15e2cbc1c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19120.exe

Filesize
184KB

MD5
f62f217c0776e8cd66227d9133a13f8c

SHA1
bdbba80f9c9ad9c8d90f268a44b1394b5baf8ba8

SHA256
5ddbd58afb4553ee088297b55ba75a123f2f41d80a8b9599852fa5a275058aaa

SHA512
1f975187d847e7e443af224324923587c632e17a0804026a4aa6be59e6dcf56d6e005d1f82031956ac4515a7f1fc62e27c9225ee8e422867c27d2866065429cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20288.exe

Filesize
184KB

MD5
d40e9b64b39db4dad27cfef8e12686e1

SHA1
4b16c37f3fbbbc3396702eaa02bcfdaa2717c398

SHA256
d8c38652e9bee0ba707db94cfa5fbd3065ecc8201c9e13517e093c3acaeece42

SHA512
12e9d7180cb43255a1db0b37c1dd4ce585de9835f2d51508d56dbbd51d35dc6ced444b63e0739c8da429b9cf14b9de35fc1806530dad1c10fa72ad3d245ce77d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe

Filesize
184KB

MD5
67bfefd47a2883ae5065610aba18a21e

SHA1
c9d9b1a30ffbf82d893bb3dacf81d853b44b4c2f

SHA256
6c5b824aa40f97fd60e63a28fcdcea2c883b7e14051c0a554ea9b0a89f9d8b6d

SHA512
0b4f001dda145a70b22ebc8f995c06f730638f5a3c43aa5486c92fb907d286993ec43ca9a03b4ecb921432dde1cc3ab3a184c766575fd0d3ca32639281d1215e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22608.exe

Filesize
184KB

MD5
02f776138f930e1d1195e597f358bff1

SHA1
d224fb9cab6f06ca93e2b9c810733337334ba2b6

SHA256
8e4fdfa590a0261ad45e5b82ccf0e519ef3ad64ba2e048d99ee14a0ef8022119

SHA512
ad51a64347e47eb734c163abe4fcae14bce6b1305ad9370af8c670e0e51b30c5d44c9bc74d595addc722272932180a75bcec8c0b1cfb415aae558742c12faa47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23686.exe

Filesize
184KB

MD5
d77772ad82bd452958d2533d023491e0

SHA1
a27cd9dcb5498068356804de84000da2b5662b23

SHA256
e99544b6f905dd3414862d03851d577f6ad3daed547a0e178cb3c384e9f0156a

SHA512
cbe9fbeda4b651b9a78aca95679c8f1694e2e83e8c39debb2e28a70e5600cac7d8ed33ef600090e21d848f106cbb7cc3701f7ca3245e1931e0dec8987bbdcce6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe

Filesize
184KB

MD5
18bb92b12ec7c0e2eae13333e2aaadc3

SHA1
615d4e5065ab690f8635ed75b015f0256c52367e

SHA256
d7741cb351df81efd8362ddd8db55fceb6f7962a02506ec66f7d978427d3620b

SHA512
ec053341102e2365a79bd94c531504d9b73d3f54b13a42df470ecfe9d1631179ae894bb86a30b1b4e2429a002b8243ba98fec8cf714d08001165bbd99f8bbd0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe

Filesize
184KB

MD5
0b2d76bad4b10497980cc890c9172b37

SHA1
49d91813f5c2ff729393bc96daa99b2dfe2e23b2

SHA256
c522ada918a593fea818d6a1b20357d285056041982b65291b6d4375627ff723

SHA512
8e83331eec7ed596dee4ca3d0ddf6336e2661eb6529bb9733ba38ba760796c58f59daf7c9d372396a94cf47c9cd617aa156516da8c1b04e03fbbebeb539f25f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25488.exe

Filesize
184KB

MD5
d17e2d1b71da4b2de20fb2dd030e952e

SHA1
466471ea7d8bd14e46cb2970f33ff89e151536c9

SHA256
179b3d760db844e33e7e4abd91a282df9406e5284c769c044ba58f3a86c79253

SHA512
93959cd294c1b8e2a5a49056d3611309ad6327e459154cc8382188234732a1762fc5dfb51ef03fb696e79494b8463ca26c2db1f243201ec6a590ffac00ef0723

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe

Filesize
184KB

MD5
161ebfd56f83ea412a5d97aa14d25ed3

SHA1
d29a589255082413d2e36db7e17ee65eeef7d5d1

SHA256
8aca73cd9c28c6a4c4d4a5c5b7a940347f16c2d4091e30e3e1805ade169169a0

SHA512
28a848b140c325a52012e3b817c5dfbd2090b2eeebc74b99b4abd41d8242349db38789dba05a31165a84f6a05448d3a239799446eccd7801641397a9b3545b81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27584.exe

Filesize
184KB

MD5
cc76045792a519dc9c87f58614df7da8

SHA1
19df240fef307785c81009a9f8d9ce11d905e55b

SHA256
bf74aec1a962dfc2339a0d2f6d4330e86727b68131ad31de267e26784806b8b5

SHA512
162eb0226d530536ff2a1a545bc69926589664319571f39c6e5d33b251a179d112055e85574f0dbe45c51868c71ba0b28d3c023331991011cc2edac4f4669e7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe

Filesize
184KB

MD5
70ffbbc8d5e07e581a7ebdd99321edcc

SHA1
62dc0463aa31181d30c4ca97c3f307f5a7f2d79e

SHA256
dfdd8d70acf2222d381f5f82cef0c751bdac3fae2cf37b278c7a29da23b6bc53

SHA512
49b9333e9d397aaaa5a7d9a2039a8cc93d1299247aff21120f2413799cecd8dfd588284d1c9fc0230bb17d207a51f970396e872b3746751d4c5a6fc2aa4481cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe

Filesize
184KB

MD5
cc2a39e13b6010e8e0650eab41bff7ce

SHA1
eb474335461ebde845b100e38062b0ad6edd95be

SHA256
2dee1fbb8dd01d76f4ebdd1ca6794c407f9274dff93cb38560165235d0f1cbd4

SHA512
cf766c7ea41cfe1af2baef97132c912934961fcdb4587d3ce4b39662b01664844a265373738ba52d408111b20e514871e8b6e90c665b672a93a919378a0afb5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe

Filesize
184KB

MD5
9c64eef6c5481298fb3e06d4f62d7a0b

SHA1
de910cce305eb85534716aa5e5ec8db88107211f

SHA256
4ddf99befab7ba56556cfe39e903ae9c91a18ae9824d4dfb23d0ba036a152961

SHA512
61c9a189a263aee90a9e7d35f13c6e398904b7e8bb29e5958c6a89bccc23cba14bddec3a2972f43987e7904deb9f2ffc13392f9719d2f9ad7d79f685e0900881

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe

Filesize
184KB

MD5
a5b0894927f54a364dfb0172891aa061

SHA1
d23f975ac4a916464938555a673f070fb915a912

SHA256
f7e0c725d5f156ce8e9296c81143eb6c8e7899477eadb9202f48052999cfeebf

SHA512
13a15663304e5ebb1ce49ce1b599dacf25698cce40bd6c09857f203b7fec92145407d7232ca94358fd24bb5a6dcc5b97bc6864453eb788867b4667cf7f0d8b92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3406.exe

Filesize
184KB

MD5
bc9eb2ee602288d5d69690abd755556b

SHA1
696fda17898d330c4f7783e928f3faf59919f959

SHA256
9d8b171ef152b79d4f8b5addd5fa51ce7a2339f2be7725bae97410e1ec0b10a0

SHA512
1a62c22c17b978f1d30216f40f00e7a52f640b9bc965f0bea0bebfb14d03268969f5b3ca8bc512f1fe89eedda0f2213172f9dc20915f7c238adafedabc58f222

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe

Filesize
184KB

MD5
6d2f6feda0921e9bcc4d6067d4ee5d39

SHA1
308c173c6fdaa3fa92b697e68bd0761e6776ac92

SHA256
7c16014f95df7d6c1112dd7a164a22fda9b076a0788dc40732bff035537c7900

SHA512
8fcc47ae7fd2b3c7dc8b40bcb763523e8a15f6b422b772d8df3034a1adcada471ad30fac3395f3efb89d2269460a20e722b6eff617d927774c62dd63fe49ac6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38358.exe

Filesize
184KB

MD5
1236503cb236b32976795a6b52b49a3b

SHA1
43a3284123c5939783b1f63eda5017d643083c0a

SHA256
6cb3019b34a173bed2e8fbdb30b45cb34d12a49d66ac3fa5fc49cc9acf17d6c7

SHA512
a6e5dd734dc6c6f3f03042a7ba3212a843d55fbd828fcf17a0fe570fccd74ff903775ba14c181eeee022d44194547dc971fdce36196417b6c40badcb70df8139

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39608.exe

Filesize
184KB

MD5
9341c71bd0b9e26550a762992e4e6b41

SHA1
ad24cf2e61a0d1929a3e89c4b03e4b2bd6352e21

SHA256
1341498c8acc29211a2d35103ded675c652bcd85c61564ba5dc25f43957d57bc

SHA512
ca5f4751051982dac28ba5e0bd2588ea13d2a99c7adcd8cfa4b1e72476bf3dd62e2270e4cf569b8d09549d1cdea4784a15016a5cfb82f63a8563c3a787a2968f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41198.exe

Filesize
184KB

MD5
2feac7473bde985c22fd455778184168

SHA1
be8a212e8b55739950984e90e4ec660507abca48

SHA256
80f6f1a2809cbf58d7d0b7cf17a3e3b720a41d90d39dc7223835e8a33f24c472

SHA512
dc3afc27e8f69bf808ce5543037361de597264814d450d61b4b30aead891ac3d643e9c5f0d282835334b71ef92432f07673b100921e7dd5ce65acd3df34c8cdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46463.exe

Filesize
184KB

MD5
651b1c24dabd600065999c49aab94a52

SHA1
407f23f56134e533601610dd4011a109db27d5ff

SHA256
33bf7374529f65f4aa54b0e6288b175d3da6d7dc9e750afba0926b78e3fe4591

SHA512
dc00bace9fcf531651eb2b17a1ac5702dd330687fc121c45c65625de96d2280c65efb1a9b948a61d42d0b9b863bf687afb46311eda78d4c01332027b94339e3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe

Filesize
184KB

MD5
78adab14702746fab46c0dc66c5cc210

SHA1
d6390ef558459bdb17e5d92cf44e3a1d5b393376

SHA256
a32f69bcedc81082809db246de9a5d8e0989d79184fb7ca06a07027e18d5c614

SHA512
4f9dcfb920338c80197e3a47287a1c8a55c348e7ea01d192bb0b4b05d079df49a08189aed6dc91ba97b6e32be0ea7bb0be8c85d9a5e1c73c51a9be5fe094fbd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47968.exe

Filesize
184KB

MD5
e42f28f8d8ae35b0e1a1a8ebe8fbb2ef

SHA1
71c2fa678a89f28bf232d8057a20a4fcb3c1a19a

SHA256
f396adf27275ba6fe14b909364b4106004d4fe915bbe1255b31bd079488770f7

SHA512
6cee6d9063720695f083b523efed35f126fd03e0392e530aff1bc920390fcbcbe796e4ef7af2d46f8fe6d86bc33675226fef3c5ef74232e1a7ccb03110b4b66f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57982.exe

Filesize
184KB

MD5
cf5f061b50718faf560c6a5652de2384

SHA1
64bea1746c84e97e9fb294fb6b448c7837765f1c

SHA256
dccdf37d10d2d2770c796e9d54d75e10ba87c9ac72d9b8a78a04978858be97f7

SHA512
c5b1c3255d31d6fec51c9172799b07db223a330d4408431da4c76b3a582af54fbd9e376d6b2a3b10296f2c49237e6ddd79dec99db66898a1e117c0301ddd4fc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe

Filesize
184KB

MD5
c62edcc3ea43fd24437b84587c7ea088

SHA1
c2d718ddaae6ebdee6ddf73820d9018bebd829df

SHA256
e9829b14d41da54f17c2801820026ced06f2a69d795fe97c6d232ba3075d7273

SHA512
570c109b28c376cbc6cabedf79ca6a50e94fbf1c563dba8d74fae6d052ed4ee2714f1c0e1892c5b94c2f89371c97e993cddcea1a77ada0fb09735fa725afbdac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe

Filesize
184KB

MD5
cbe0fa2963c9e56806aa0b0fadf9a2fd

SHA1
d56fe2249ac622317aeea1b79ede0589f279dace

SHA256
d09617b68f5e59412469b38eba3e88c976530b0b538aa67900e21136968a7a68

SHA512
8dfe26e3a059c1c298b58f4fb44efe3bed013f83b16e9c6479da218b494492e981329b46a5114fba96a51dd682369c4d412b2a7387fdbfb70412cc75a2271edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62887.exe

Filesize
184KB

MD5
f3f90447408fa31e190294d6b042586d

SHA1
fe02501eea283b88076afbffd3616219f41491b9

SHA256
1d24104cbec34b5e22d7fedaf35cdedb2b7c0073e59012bca3f6a7b15bf5d294

SHA512
49907e3a9962c80850a8856021c5623425027fdad7d58c32238bc00ca4476482a052c27421893086470776251f668a5250028b6f8eb8f87ec94f4b49a2adeaff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe

Filesize
184KB

MD5
d5dbda416c351b302f0d2eaef5f1a9bf

SHA1
b5a535911122cb539bae7e233ece4a752bc8251b

SHA256
546a6021527f64dff8e797a778b4046ad2f116ee5001be95e7a3d2a7ceba385f

SHA512
f9461bc8f2c13fe8fd94b3a3e0a8bc2ff70901965068c4b4a4e1d1b04d53d9423b359699c5709d180bc85e54b6f65cb617060aafc025a8296afb5bffeabfbcd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7718.exe

Filesize
184KB

MD5
688f2d618823dfdcc227f3dbf738a38b

SHA1
3ccad1215f5920f7ffdb204601b2a5090f9c832b

SHA256
63b22ebde7ab370436e407b78c78761ab3cd044bc92c0bae234fc46030b728d3

SHA512
69e5689ab0387e1f0d660993bea83d3aef4002307465cc22be4d747554f47e6fe5cab919ec4c046a7bdb79dfd9de50a6de8b6b86f6554a1650bcdf82ae65f030

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe

Filesize
184KB

MD5
fbb743e51ddb74dd022ffb83c6e88f74

SHA1
ba350dba556dc39291d42c06782086735d5212c8

SHA256
403d474b5a6f4756294518f0f0572bea26cda16adc3371b18eb00d7476de7192

SHA512
036866bbbd4b355e8e92ceecfebf60f4fd9305dadc7bc7a5ae2d65395424497dd4b5ce7a04ca5be0b0313e0ba860683c3cfda4d2184b7ba02760b4d546811a26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9159.exe

Filesize
184KB

MD5
6f2316dfba301d5723c5dcd2dbd412fc

SHA1
cab9cfd3da78e408a374c711d9765d6524397635

SHA256
955b23ad3e6ace462a9d479adca3f22d0667c360d93f4fcdb2932596da2c1bdc

SHA512
b014a199433f5a180a1f410ea87342d7e93651656ade77acbc97b5adb29519713f78f93e5c2afffc145391aab33b78e4870ac1f7677054c270e3c51edeadcfd4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads