7aabb58293c87e66047f8e1a2a7ac43ed92cdc44c9dd35ecb7efe72ff60a78d0

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09054a99f06743bf5013b70f33a09760_NeikiAnalytics.exe
Size

468KB
MD5

09054a99f06743bf5013b70f33a09760
SHA1

546bb9540616018fcfb32b6d7d688e15bcef9471
SHA256

7aabb58293c87e66047f8e1a2a7ac43ed92cdc44c9dd35ecb7efe72ff60a78d0
SHA512

b65f21dde97634673b618c29e98b22ec91190b650bc3b6eec6e0a1c823a63edc15c68e9c423da6898c8996cd792ee12640b2acdc170142d510b23bca39c18f96
SSDEEP

3072:tbAgogIdh05YtbYFPzcjff8/WChyPaplfmHCxEhq4D0LARwu3sEh:tbTo58YtyP4jffpSHx4DOIwu3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4768	Unicorn-5393.exe
4024	Unicorn-43302.exe
4548	Unicorn-35688.exe
4468	Unicorn-1475.exe
3224	Unicorn-26534.exe
1992	Unicorn-46400.exe
2284	Unicorn-17711.exe
5040	Unicorn-42098.exe
3604	Unicorn-38014.exe
3972	Unicorn-13317.exe
1996	Unicorn-7187.exe
4596	Unicorn-13317.exe
3280	Unicorn-58989.exe
5100	Unicorn-43779.exe
1200	Unicorn-61588.exe
3612	Unicorn-47106.exe
2448	Unicorn-29378.exe
3180	Unicorn-16380.exe
116	Unicorn-39492.exe
4588	Unicorn-4703.exe
4232	Unicorn-29299.exe
3340	Unicorn-619.exe
1416	Unicorn-47682.exe
1420	Unicorn-12871.exe
1540	Unicorn-23178.exe
4572	Unicorn-22913.exe
2064	Unicorn-34038.exe
2240	Unicorn-40890.exe
4284	Unicorn-29954.exe
1568	Unicorn-21808.exe
4812	Unicorn-17458.exe
3236	Unicorn-58564.exe
3228	Unicorn-48813.exe
2836	Unicorn-15393.exe
2948	Unicorn-35906.exe
4580	Unicorn-20246.exe
4408	Unicorn-5755.exe
4344	Unicorn-10494.exe
3784	Unicorn-55440.exe
3248	Unicorn-8932.exe
2688	Unicorn-28798.exe
4508	Unicorn-59524.exe
4824	Unicorn-28798.exe
2540	Unicorn-47080.exe
464	Unicorn-42996.exe
3516	Unicorn-37520.exe
1176	Unicorn-37520.exe
264	Unicorn-17.exe
3732	Unicorn-45689.exe
2408	Unicorn-30744.exe
4624	Unicorn-5278.exe
3572	Unicorn-30479.exe
3584	Unicorn-61370.exe
4984	Unicorn-1963.exe
2440	Unicorn-4001.exe
1616	Unicorn-55803.exe
3424	Unicorn-1201.exe
548	Unicorn-24906.exe
3036	Unicorn-956.exe
3272	Unicorn-20822.exe
2528	Unicorn-24143.exe
1320	Unicorn-49986.exe
4840	Unicorn-11091.exe
3152	Unicorn-21398.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
7084	5252	WerFault.exe	222
9888	6796	WerFault.exe	252
14112	11684	WerFault.exe
14192	13084	WerFault.exe	611
14216	6856	WerFault.exe	256
15188	6880	WerFault.exe	259
5272	16628	WerFault.exe	872
10904	9284	Process not Found	422

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	9868	Process not Found
Token: SeChangeNotifyPrivilege	9868	Process not Found
Token: 33	9868	Process not Found
Token: SeIncBasePriorityPrivilege	9868	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2452	09054a99f06743bf5013b70f33a09760_NeikiAnalytics.exe
4768	Unicorn-5393.exe
4024	Unicorn-43302.exe
4548	Unicorn-35688.exe
3224	Unicorn-26534.exe
4468	Unicorn-1475.exe
1992	Unicorn-46400.exe
2284	Unicorn-17711.exe
5040	Unicorn-42098.exe
3280	Unicorn-58989.exe
3604	Unicorn-38014.exe
1996	Unicorn-7187.exe
3972	Unicorn-13317.exe
5100	Unicorn-43779.exe
4596	Unicorn-13317.exe
1200	Unicorn-61588.exe
3612	Unicorn-47106.exe
2448	Unicorn-29378.exe
3180	Unicorn-16380.exe
1420	Unicorn-12871.exe
4232	Unicorn-29299.exe
3340	Unicorn-619.exe
1540	Unicorn-23178.exe
4588	Unicorn-4703.exe
1416	Unicorn-47682.exe
4572	Unicorn-22913.exe
2240	Unicorn-40890.exe
2064	Unicorn-34038.exe
4284	Unicorn-29954.exe
1568	Unicorn-21808.exe
4812	Unicorn-17458.exe
3236	Unicorn-58564.exe
3228	Unicorn-48813.exe
2836	Unicorn-15393.exe
2948	Unicorn-35906.exe
4580	Unicorn-20246.exe
224	Unicorn-63224.exe
4408	Unicorn-5755.exe
4344	Unicorn-10494.exe
3784	Unicorn-55440.exe
3248	Unicorn-8932.exe
4824	Unicorn-28798.exe
4508	Unicorn-59524.exe
2688	Unicorn-28798.exe
2540	Unicorn-47080.exe
3516	Unicorn-37520.exe
464	Unicorn-42996.exe
3732	Unicorn-45689.exe
264	Unicorn-17.exe
2408	Unicorn-30744.exe
2440	Unicorn-4001.exe
4624	Unicorn-5278.exe
3572	Unicorn-30479.exe
1176	Unicorn-37520.exe
4984	Unicorn-1963.exe
1616	Unicorn-55803.exe
3424	Unicorn-1201.exe
3584	Unicorn-61370.exe
3036	Unicorn-956.exe
548	Unicorn-24906.exe
2528	Unicorn-24143.exe
3272	Unicorn-20822.exe
1320	Unicorn-49986.exe
4068	Unicorn-33650.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 4768	2452	09054a99f06743bf5013b70f33a09760_NeikiAnalytics.exe	86
PID 2452 wrote to memory of 4768	2452	09054a99f06743bf5013b70f33a09760_NeikiAnalytics.exe	86
PID 2452 wrote to memory of 4768	2452	09054a99f06743bf5013b70f33a09760_NeikiAnalytics.exe	86
PID 4768 wrote to memory of 4024	4768	Unicorn-5393.exe	91
PID 4768 wrote to memory of 4024	4768	Unicorn-5393.exe	91
PID 4768 wrote to memory of 4024	4768	Unicorn-5393.exe	91
PID 2452 wrote to memory of 4548	2452	09054a99f06743bf5013b70f33a09760_NeikiAnalytics.exe	92
PID 2452 wrote to memory of 4548	2452	09054a99f06743bf5013b70f33a09760_NeikiAnalytics.exe	92
PID 2452 wrote to memory of 4548	2452	09054a99f06743bf5013b70f33a09760_NeikiAnalytics.exe	92
PID 4024 wrote to memory of 4468	4024	Unicorn-43302.exe	94
PID 4024 wrote to memory of 4468	4024	Unicorn-43302.exe	94
PID 4024 wrote to memory of 4468	4024	Unicorn-43302.exe	94
PID 4768 wrote to memory of 3224	4768	Unicorn-5393.exe	95
PID 4768 wrote to memory of 3224	4768	Unicorn-5393.exe	95
PID 4768 wrote to memory of 3224	4768	Unicorn-5393.exe	95
PID 4548 wrote to memory of 1992	4548	Unicorn-35688.exe	96
PID 4548 wrote to memory of 1992	4548	Unicorn-35688.exe	96
PID 4548 wrote to memory of 1992	4548	Unicorn-35688.exe	96
PID 2452 wrote to memory of 2284	2452	09054a99f06743bf5013b70f33a09760_NeikiAnalytics.exe	97
PID 2452 wrote to memory of 2284	2452	09054a99f06743bf5013b70f33a09760_NeikiAnalytics.exe	97
PID 2452 wrote to memory of 2284	2452	09054a99f06743bf5013b70f33a09760_NeikiAnalytics.exe	97
PID 4468 wrote to memory of 5040	4468	Unicorn-1475.exe	100
PID 4468 wrote to memory of 5040	4468	Unicorn-1475.exe	100
PID 4468 wrote to memory of 5040	4468	Unicorn-1475.exe	100
PID 3224 wrote to memory of 3604	3224	Unicorn-26534.exe	101
PID 3224 wrote to memory of 3604	3224	Unicorn-26534.exe	101
PID 3224 wrote to memory of 3604	3224	Unicorn-26534.exe	101
PID 2284 wrote to memory of 3972	2284	Unicorn-17711.exe	102
PID 2284 wrote to memory of 3972	2284	Unicorn-17711.exe	102
PID 2284 wrote to memory of 3972	2284	Unicorn-17711.exe	102
PID 1992 wrote to memory of 4596	1992	Unicorn-46400.exe	103
PID 1992 wrote to memory of 4596	1992	Unicorn-46400.exe	103
PID 1992 wrote to memory of 4596	1992	Unicorn-46400.exe	103
PID 4768 wrote to memory of 1996	4768	Unicorn-5393.exe	104
PID 4768 wrote to memory of 1996	4768	Unicorn-5393.exe	104
PID 4768 wrote to memory of 1996	4768	Unicorn-5393.exe	104
PID 4024 wrote to memory of 3280	4024	Unicorn-43302.exe	105
PID 4024 wrote to memory of 3280	4024	Unicorn-43302.exe	105
PID 4024 wrote to memory of 3280	4024	Unicorn-43302.exe	105
PID 2452 wrote to memory of 5100	2452	09054a99f06743bf5013b70f33a09760_NeikiAnalytics.exe	106
PID 2452 wrote to memory of 5100	2452	09054a99f06743bf5013b70f33a09760_NeikiAnalytics.exe	106
PID 2452 wrote to memory of 5100	2452	09054a99f06743bf5013b70f33a09760_NeikiAnalytics.exe	106
PID 4548 wrote to memory of 1200	4548	Unicorn-35688.exe	107
PID 4548 wrote to memory of 1200	4548	Unicorn-35688.exe	107
PID 4548 wrote to memory of 1200	4548	Unicorn-35688.exe	107
PID 5040 wrote to memory of 3612	5040	Unicorn-42098.exe	108
PID 5040 wrote to memory of 3612	5040	Unicorn-42098.exe	108
PID 5040 wrote to memory of 3612	5040	Unicorn-42098.exe	108
PID 4468 wrote to memory of 2448	4468	Unicorn-1475.exe	109
PID 4468 wrote to memory of 2448	4468	Unicorn-1475.exe	109
PID 4468 wrote to memory of 2448	4468	Unicorn-1475.exe	109
PID 3972 wrote to memory of 3180	3972	Unicorn-13317.exe	110
PID 3972 wrote to memory of 3180	3972	Unicorn-13317.exe	110
PID 3972 wrote to memory of 3180	3972	Unicorn-13317.exe	110
PID 2284 wrote to memory of 116	2284	Unicorn-17711.exe	111
PID 2284 wrote to memory of 116	2284	Unicorn-17711.exe	111
PID 2284 wrote to memory of 116	2284	Unicorn-17711.exe	111
PID 3280 wrote to memory of 4588	3280	Unicorn-58989.exe	112
PID 3280 wrote to memory of 4588	3280	Unicorn-58989.exe	112
PID 3280 wrote to memory of 4588	3280	Unicorn-58989.exe	112
PID 4024 wrote to memory of 4232	4024	Unicorn-43302.exe	113
PID 4024 wrote to memory of 4232	4024	Unicorn-43302.exe	113
PID 4024 wrote to memory of 4232	4024	Unicorn-43302.exe	113
PID 3604 wrote to memory of 3340	3604	Unicorn-38014.exe	114

C:\Users\Admin\AppData\Local\Temp\09054a99f06743bf5013b70f33a09760_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\09054a99f06743bf5013b70f33a09760_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43302.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47106.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58564.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
        9⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        10⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13001.exe
        11⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        11⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60645.exe
        10⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55792.exe
        10⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34884.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
        10⤵
        
        PID:14244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
        9⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29369.exe
        9⤵
        
        PID:16296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        9⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49939.exe
        8⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
        9⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63250.exe
        10⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8460.exe
        10⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        9⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39702.exe
        9⤵
        
        PID:17212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
        8⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        8⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2606.exe
        8⤵
        
        PID:17208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        8⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50541.exe
        7⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
        8⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        9⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        9⤵
        
        PID:12728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
        9⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        8⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26907.exe
        8⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18460.exe
        8⤵
        
        PID:17120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
        7⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        8⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        9⤵
        
        PID:15584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
        9⤵
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
        8⤵
        
        PID:13916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        8⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        7⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48228.exe
        7⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
        7⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45182.exe
        7⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe
        7⤵
        Executes dropped EXE
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16520.exe
        8⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
        9⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45866.exe
        10⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24682.exe
        10⤵
        
        PID:16588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
        9⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
        9⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56919.exe
        9⤵
        
        PID:16956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        8⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
        9⤵
        
        PID:17152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28786.exe
        9⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61334.exe
        8⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17884.exe
        8⤵
        
        PID:16784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        8⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        7⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
        8⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34499.exe
        8⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23147.exe
        8⤵
        
        PID:13888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        8⤵
        
        PID:16884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48620.exe
        7⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
        7⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        7⤵
        
        PID:17168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52024.exe
        6⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53660.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44444.exe
        8⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21388.exe
        9⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
        9⤵
        
        PID:16076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        8⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8975.exe
        8⤵
        
        PID:16824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38968.exe
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
        7⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
        7⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31221.exe
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38356.exe
        8⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        8⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        7⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
        7⤵
        
        PID:16892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe
        7⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
        7⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34918.exe
        6⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29378.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15393.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        7⤵
        Executes dropped EXE
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
        8⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        9⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
        10⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        10⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        9⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        9⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        9⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        8⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
        9⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        9⤵
        
        PID:16728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40408.exe
        9⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
        8⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
        8⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33794.exe
        7⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
        8⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24769.exe
        8⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24491.exe
        8⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26255.exe
        7⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        7⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1724.exe
        7⤵
        
        PID:14592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        6⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
        7⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        8⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        9⤵
        
        PID:16940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        8⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        8⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18955.exe
        8⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19045.exe
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32773.exe
        7⤵
        
        PID:12828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        7⤵
        
        PID:15960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
        7⤵
        
        PID:17132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
        6⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
        7⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        7⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
        7⤵
        
        PID:16396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
        7⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        6⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45706.exe
        6⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51345.exe
        7⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
        6⤵
        
        PID:16944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        6⤵
        
        PID:17276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57168.exe
        7⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        8⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62731.exe
        8⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10781.exe
        8⤵
        
        PID:15888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65188.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
        7⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        8⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
        9⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        9⤵
        
        PID:17012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        8⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
        8⤵
        
        PID:16796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
        7⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
        7⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        7⤵
        
        PID:13496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33794.exe
        6⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        7⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57220.exe
        8⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
        8⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
        7⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5056.exe
        7⤵
        
        PID:16612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19473.exe
        7⤵
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25677.exe
        6⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        7⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        6⤵
        
        PID:10304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57889.exe
        5⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28964.exe
        6⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 488
        7⤵
        Program crash
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        6⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        7⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        7⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51221.exe
        6⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57243.exe
        6⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54916.exe
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        6⤵
        
        PID:13572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
        6⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        6⤵
        
        PID:16232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
        5⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
        5⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40799.exe
        5⤵
        
        PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58989.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4703.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52866.exe
        8⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
        9⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        9⤵
        
        PID:13896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        9⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        8⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6691.exe
        9⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        8⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
        8⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        7⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        7⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2606.exe
        7⤵
        
        PID:17216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
        7⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26738.exe
        8⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        9⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
        9⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32632.exe
        8⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3748.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        8⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
        7⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        7⤵
        
        PID:16772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        7⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
        6⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        7⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        7⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
        7⤵
        
        PID:16668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4464.exe
        6⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13967.exe
        6⤵
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        7⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
        8⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        7⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        7⤵
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
        7⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59310.exe
        6⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
        7⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
        7⤵
        
        PID:17148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-937.exe
        7⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        7⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
        6⤵
        
        PID:16212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        6⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        7⤵
        
        PID:796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        6⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        6⤵
        
        PID:16192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4986.exe
        6⤵
        
        PID:16028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21699.exe
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
        6⤵
        
        PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6267.exe
        5⤵
        
        PID:16204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        5⤵
        
        PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        6⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
        7⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55492.exe
        8⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
        9⤵
        
        PID:16628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16628 -s 460
        10⤵
        Program crash
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        9⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3032.exe
        8⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
        8⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        7⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
        7⤵
        
        PID:14476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42860.exe
        6⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        7⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
        7⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        6⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
        6⤵
        
        PID:16960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12222.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57251.exe
        6⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        7⤵
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
        7⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48330.exe
        7⤵
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        6⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48330.exe
        7⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
        6⤵
        
        PID:16988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
        5⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        6⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe
        6⤵
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14708.exe
        5⤵
        
        PID:10576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
        5⤵
        
        PID:16928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
        5⤵
        
        PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5401.exe
        5⤵
        
        PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30479.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        6⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62731.exe
        6⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe
        6⤵
        
        PID:16660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61104.exe
        6⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        5⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57220.exe
        6⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        6⤵
        
        PID:14500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
        6⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
        5⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
        5⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        5⤵
        
        PID:16744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        5⤵
        
        PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        5⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56172.exe
        6⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        5⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        5⤵
        
        PID:16960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
        5⤵
        
        PID:16956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        5⤵
        
        PID:17024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
      4⤵
      PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
        5⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        5⤵
        
        PID:16824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28994.exe
        5⤵
        
        PID:13592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45852.exe
      4⤵
      PID:11104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52411.exe
      4⤵
      PID:15904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26534.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-619.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52316.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1527.exe
        8⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
        9⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        10⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
        10⤵
        
        PID:16868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
        10⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34499.exe
        9⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44798.exe
        9⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4158.exe
        8⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27178.exe
        9⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37869.exe
        9⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
        8⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57977.exe
        8⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25368.exe
        8⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47599.exe
        8⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46830.exe
        8⤵
        
        PID:16900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3477.exe
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3006.exe
        7⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        7⤵
        
        PID:16792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34396.exe
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55196.exe
        7⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60178.exe
        8⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31262.exe
        8⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46830.exe
        8⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55279.exe
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
        7⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        7⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        6⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13001.exe
        7⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64693.exe
        7⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        7⤵
        
        PID:16480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18216.exe
        6⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        6⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31704.exe
        6⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45238.exe
        7⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        8⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        8⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
        8⤵
        
        PID:17068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
        8⤵
        
        PID:16656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        7⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        7⤵
        
        PID:15124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6104.exe
        6⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
        7⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        7⤵
        
        PID:13300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        6⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
        6⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56094.exe
        7⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31262.exe
        7⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        6⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41014.exe
        7⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48108.exe
        8⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        7⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
        6⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        6⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31543.exe
        5⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
        6⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        6⤵
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41238.exe
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56877.exe
        5⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42308.exe
        5⤵
        
        PID:16188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36364.exe
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        8⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53624.exe
        9⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39093.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        8⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        8⤵
        
        PID:15888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47494.exe
        7⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31663.exe
        7⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
        7⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37214.exe
        6⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30031.exe
        6⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
        7⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
        6⤵
        
        PID:16996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exe
        5⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        6⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
        6⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        6⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
        5⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        6⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53987.exe
        5⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        5⤵
        
        PID:17100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15752.exe
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        6⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
        7⤵
        
        PID:13536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38148.exe
        6⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        6⤵
        
        PID:12404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53925.exe
        6⤵
        
        PID:15448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
        5⤵
        
        PID:10424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        6⤵
        
        PID:16620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20841.exe
        6⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        5⤵
        
        PID:16604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1340.exe
        5⤵
        
        PID:796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7894.exe
      4⤵
      PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        5⤵
        
        PID:6796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 616
        6⤵
        Program crash
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
        5⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        6⤵
        
        PID:15648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23181.exe
        5⤵
        
        PID:13988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55358.exe
      4⤵
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54034.exe
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20598.exe
        5⤵
        
        PID:15580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
      4⤵
      PID:10660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53522.exe
      4⤵
      PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
      4⤵
      PID:5756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52316.exe
        6⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52866.exe
        7⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24958.exe
        8⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
        8⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
        8⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7614.exe
        7⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        7⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
        7⤵
        
        PID:17088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
        7⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
        6⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        7⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        7⤵
        
        PID:16700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
        6⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22040.exe
        6⤵
        
        PID:17108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61550.exe
        6⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63561.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        6⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        7⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
        7⤵
        
        PID:12072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28305.exe
        6⤵
        
        PID:11492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44030.exe
        6⤵
        
        PID:16708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        6⤵
        
        PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60680.exe
        5⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
        6⤵
        
        PID:13480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe
        6⤵
        
        PID:16008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
        6⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53987.exe
        5⤵
        
        PID:11208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7875.exe
        5⤵
        
        PID:16100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56784.exe
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        6⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
        7⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        7⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
        7⤵
        
        PID:16808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52206.exe
        6⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62312.exe
        6⤵
        
        PID:17048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46945.exe
        5⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
        6⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        6⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        5⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        6⤵
        
        PID:16956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        6⤵
        
        PID:13476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
        5⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48402.exe
        5⤵
        
        PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32755.exe
      4⤵
      PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        5⤵
        
        PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62731.exe
        5⤵
        
        PID:12176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
        5⤵
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        5⤵
        
        PID:16688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37042.exe
      4⤵
      PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
        5⤵
        
        PID:10620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        5⤵
        
        PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63916.exe
      4⤵
      PID:12476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4650.exe
      4⤵
      PID:1656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22913.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30312.exe
      4⤵
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
        6⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        7⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40364.exe
        7⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
        7⤵
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        6⤵
        
        PID:11140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        6⤵
        
        PID:15100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35740.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        6⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28854.exe
        5⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53178.exe
        6⤵
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        6⤵
        
        PID:17276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
        5⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        5⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        5⤵
        
        PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
      4⤵
      PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48720.exe
        5⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
        6⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63131.exe
        6⤵
        
        PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        5⤵
        
        PID:12736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38113.exe
        5⤵
        
        PID:17244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
        5⤵
        
        PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35793.exe
      4⤵
      PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        5⤵
        
        PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        5⤵
        
        PID:16092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51928.exe
      4⤵
      PID:12220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
        5⤵
        
        PID:16820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
        5⤵
        
        PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
      4⤵
      PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
      4⤵
      PID:6664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1201.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        6⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10775.exe
        7⤵
        
        PID:15848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
        6⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22964.exe
        5⤵
        
        PID:9872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
        5⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39832.exe
        5⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        5⤵
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20302.exe
      4⤵
      PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18456.exe
        5⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        5⤵
        
        PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
      4⤵
      PID:11156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
      4⤵
      PID:6248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10706.exe
    3⤵
    PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6613.exe
        5⤵
        
        PID:10984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
        5⤵
        
        PID:17080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
        5⤵
        
        PID:14288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17090.exe
      4⤵
      PID:10332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22543.exe
      4⤵
      PID:14544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52629.exe
      4⤵
      PID:6844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
    3⤵
    PID:7928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
      4⤵
      PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53001.exe
      4⤵
      PID:13652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
    3⤵
    PID:10280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
    3⤵
    PID:15932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35688.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35688.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13317.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23178.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55440.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        7⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55196.exe
        8⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
        9⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51962.exe
        9⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        9⤵
        
        PID:15960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        8⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        8⤵
        
        PID:15404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24194.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
        7⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
        7⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        7⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63177.exe
        6⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        7⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
        8⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41926.exe
        8⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        8⤵
        
        PID:16720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
        8⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        7⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58158.exe
        6⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
        7⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        7⤵
        
        PID:16800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        7⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14708.exe
        6⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52992.exe
        6⤵
        
        PID:15808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
        6⤵
        
        PID:16240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        6⤵
        
        PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62622.exe
        6⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
        8⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26204.exe
        9⤵
        
        PID:15568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 636
        8⤵
        Program crash
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        7⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        7⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        6⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
        7⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
        7⤵
        
        PID:16836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
        6⤵
        
        PID:10604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
        6⤵
        
        PID:15768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        6⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48132.exe
        5⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        6⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
        7⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 692
        7⤵
        Program crash
        
        PID:15188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
        6⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21043.exe
        6⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32009.exe
        6⤵
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
        5⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        6⤵
        
        PID:13244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
        6⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        6⤵
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6043.exe
        5⤵
        
        PID:10612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36456.exe
        5⤵
        
        PID:15792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29954.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1963.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50562.exe
        6⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
        7⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
        8⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        9⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        9⤵
        
        PID:15616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        8⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        8⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        7⤵
        
        PID:15388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44231.exe
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
        7⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        7⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe
        6⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12222.exe
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38388.exe
        7⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        7⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        7⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        6⤵
        
        PID:724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62103.exe
        6⤵
        
        PID:14536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28994.exe
        6⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11671.exe
        5⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57220.exe
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
        6⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        6⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58071.exe
        5⤵
        
        PID:11060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        5⤵
        
        PID:17140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
        6⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        7⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30900.exe
        8⤵
        
        PID:13084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13084 -s 212
        9⤵
        Program crash
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
        8⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        7⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        6⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        6⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        6⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        5⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        5⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
        5⤵
        
        PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
      4⤵
      PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        5⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65019.exe
        5⤵
        
        PID:17072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        5⤵
        
        PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
      4⤵
      PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
      4⤵
      PID:8396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
      4⤵
      PID:12132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59017.exe
      4⤵
      PID:13224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
      4⤵
      PID:1372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61588.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        8⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        8⤵
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        7⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        7⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
        7⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        7⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31105.exe
        6⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39946.exe
        6⤵
        
        PID:16860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54942.exe
        6⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6203.exe
        7⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11684 -s 472
        8⤵
        Program crash
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
        7⤵
        
        PID:16852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        7⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52629.exe
        7⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        6⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        6⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49964.exe
        5⤵
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26167.exe
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9219.exe
        5⤵
        
        PID:16768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5076.exe
        5⤵
        
        PID:16392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-956.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30718.exe
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
        6⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2377.exe
        7⤵
        
        PID:12456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50401.exe
        6⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16767.exe
        6⤵
        
        PID:13056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        5⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
        6⤵
        
        PID:16304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
        6⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21969.exe
        5⤵
        
        PID:13000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57220.exe
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
        6⤵
        
        PID:12292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        6⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
        5⤵
        
        PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5056.exe
        5⤵
        
        PID:16624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        5⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        5⤵
        
        PID:17068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31543.exe
      4⤵
      PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2607.exe
        5⤵
        
        PID:15828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28786.exe
        5⤵
        
        PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
      4⤵
      PID:10652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48452.exe
      4⤵
      PID:16980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17458.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20822.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
        5⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41014.exe
        7⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        7⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        7⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23841.exe
        7⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
        6⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5056.exe
        6⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        6⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11942.exe
        5⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25804.exe
        6⤵
        
        PID:9920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44038.exe
        5⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29004.exe
        5⤵
        
        PID:14156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55777.exe
      4⤵
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        5⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
        6⤵
        
        PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        5⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12919.exe
        5⤵
        
        PID:13996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25869.exe
      4⤵
      PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        5⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
        5⤵
        
        PID:17004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53987.exe
      4⤵
      PID:11216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7875.exe
      4⤵
      PID:16404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23898.exe
      4⤵
      PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
      4⤵
      PID:16968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15366.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15366.exe
    3⤵
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
      4⤵
      PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
        5⤵
        
        PID:12820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
      4⤵
      PID:11584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
      4⤵
      PID:17004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
    3⤵
    PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
      4⤵
      PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
        5⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28786.exe
        5⤵
        
        PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64485.exe
      4⤵
      PID:13148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12899.exe
    3⤵
    PID:9816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27102.exe
    3⤵
    PID:14456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
    3⤵
    PID:1436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13317.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16380.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
        6⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
        8⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
        9⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61298.exe
        9⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        8⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49964.exe
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        8⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48330.exe
        8⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
        7⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
        7⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
        7⤵
        
        PID:16568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58683.exe
        6⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        8⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
        8⤵
        
        PID:16884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        8⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        7⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38113.exe
        7⤵
        
        PID:17240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8975.exe
        7⤵
        
        PID:16744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
        7⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        6⤵
        
        PID:8952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
        6⤵
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44030.exe
        6⤵
        
        PID:16700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40962.exe
        6⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        7⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        8⤵
        
        PID:17248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48330.exe
        8⤵
        
        PID:16424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        7⤵
        
        PID:13416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        6⤵
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        6⤵
        
        PID:452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7329.exe
        6⤵
        
        PID:11896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21225.exe
        6⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        5⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
        6⤵
        
        PID:17204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        6⤵
        
        PID:17016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35232.exe
        6⤵
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3208.exe
        5⤵
        
        PID:13976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
        5⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55196.exe
        6⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54916.exe
        7⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
        8⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
        7⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32929.exe
        7⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        6⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        6⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
        6⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
        5⤵
        
        PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28409.exe
        5⤵
        
        PID:15184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
      4⤵
      PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47822.exe
        5⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
        6⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
        7⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        7⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
        6⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51325.exe
        6⤵
        
        PID:16780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
        6⤵
        
        PID:16968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        5⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        6⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44998.exe
        5⤵
        
        PID:12804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7728.exe
        5⤵
        
        PID:16620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15460.exe
      4⤵
      PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
        5⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34917.exe
        6⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
        5⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48330.exe
        6⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21611.exe
        5⤵
        
        PID:17024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
      4⤵
      PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
        5⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        5⤵
        
        PID:16832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65444.exe
        5⤵
        
        PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
      4⤵
      PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
      4⤵
      PID:2056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39492.exe
    3⤵
    - Executes dropped EXE
    PID:116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63224.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
        5⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
        6⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11963.exe
        7⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        8⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59223.exe
        8⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        8⤵
        
        PID:16688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52629.exe
        8⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        7⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
        7⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        7⤵
        
        PID:16828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
        7⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58787.exe
        6⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61334.exe
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48611.exe
        6⤵
        
        PID:16816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
        6⤵
        
        PID:720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19596.exe
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        6⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        6⤵
        
        PID:11720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        6⤵
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19237.exe
        5⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        6⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63115.exe
        5⤵
        
        PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
        5⤵
        
        PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13592.exe
      4⤵
      PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
        5⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54942.exe
        6⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26842.exe
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32580.exe
        7⤵
        
        PID:14484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        6⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        6⤵
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36228.exe
        5⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
        5⤵
        
        PID:11124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52695.exe
        5⤵
        
        PID:16720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        5⤵
        
        PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
      4⤵
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34330.exe
        5⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe
        6⤵
        
        PID:17060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
        6⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        5⤵
        
        PID:11696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
      4⤵
      PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
        5⤵
        
        PID:17020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28512.exe
        5⤵
        
        PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58534.exe
      4⤵
      PID:12140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27494.exe
      4⤵
      PID:16744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33818.exe
      4⤵
      PID:3396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5755.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60100.exe
      4⤵
      PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        6⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
        6⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        5⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        5⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        5⤵
        
        PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
      4⤵
      PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        5⤵
        
        PID:11080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
        5⤵
        
        PID:17132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12150.exe
        5⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        5⤵
        
        PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
      4⤵
      PID:10692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
      4⤵
      PID:15776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28994.exe
      4⤵
      PID:6332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39223.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39223.exe
    3⤵
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52866.exe
      4⤵
      PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54916.exe
        5⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
        6⤵
        
        PID:16024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        5⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
        5⤵
        
        PID:12424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
      4⤵
      PID:14200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35548.exe
      4⤵
      PID:13924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
      4⤵
      PID:928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55358.exe
    3⤵
    PID:7148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24356.exe
      4⤵
      PID:10068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40364.exe
      4⤵
      PID:14668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34652.exe
      4⤵
      PID:1516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
    3⤵
    PID:10636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53522.exe
    3⤵
    PID:15800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12871.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        6⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47563.exe
        7⤵
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29867.exe
        6⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43116.exe
        7⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30208.exe
        6⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        6⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
        5⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        6⤵
        
        PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
        5⤵
        
        PID:11112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23166.exe
        5⤵
        
        PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63561.exe
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17672.exe
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        6⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        7⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        7⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        6⤵
        
        PID:11704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36228.exe
        5⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        6⤵
        
        PID:14332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        5⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17884.exe
        5⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
        5⤵
        
        PID:16120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        5⤵
        
        PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36477.exe
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57220.exe
        5⤵
        
        PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
        5⤵
        
        PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11646.exe
      4⤵
      PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55768.exe
      4⤵
      PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37430.exe
      4⤵
      PID:5880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15752.exe
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64096.exe
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30028.exe
        6⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        6⤵
        
        PID:12672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37956.exe
        5⤵
        
        PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        5⤵
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        5⤵
        
        PID:17224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
      4⤵
      PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57220.exe
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        5⤵
        
        PID:14508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        5⤵
        
        PID:13624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
      4⤵
      PID:10668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
      4⤵
      PID:15744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32755.exe
    3⤵
    PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe
      4⤵
      PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62731.exe
      4⤵
      PID:12184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3566.exe
      4⤵
      PID:16552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
      4⤵
      PID:4908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19098.exe
    3⤵
    PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15690.exe
      4⤵
      PID:15332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-198.exe
      4⤵
      PID:1556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
    3⤵
    PID:10644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36456.exe
    3⤵
    PID:15712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40890.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40890.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        5⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11553.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        6⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        6⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
        5⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        6⤵
        
        PID:16892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        6⤵
        
        PID:748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
        5⤵
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
        5⤵
        
        PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
      4⤵
      PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        5⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18844.exe
        5⤵
        
        PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
      4⤵
      PID:12880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24178.exe
      4⤵
      PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
      4⤵
      PID:4988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27301.exe
    3⤵
    PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53188.exe
      4⤵
      PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1714.exe
      4⤵
      PID:11304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
      4⤵
      PID:13048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18180.exe
      4⤵
      PID:13084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
      4⤵
      PID:13368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
    3⤵
    PID:8360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
    3⤵
    PID:12576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26250.exe
    3⤵
    PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
      4⤵
      PID:8508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
      4⤵
      PID:14308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38826.exe
      4⤵
      PID:1656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
    3⤵
    PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
      4⤵
      PID:10976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
      4⤵
      PID:17156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8843.exe
    3⤵
    PID:10684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
    3⤵
    PID:15700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
  2⤵
  PID:5392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12373.exe
    3⤵
    PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54916.exe
      4⤵
      PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        5⤵
        
        PID:16044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        5⤵
        
        PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11994.exe
      4⤵
      PID:12496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
      4⤵
      PID:8352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
    3⤵
    PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
      4⤵
      PID:12856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
      4⤵
      PID:8008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
    3⤵
    PID:15116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38462.exe
    3⤵
    PID:16872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
  2⤵
  PID:7596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
    3⤵
    PID:10764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
    3⤵
    PID:16876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
    3⤵
    PID:6612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23070.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23070.exe
  2⤵
  PID:11068
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51276.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51276.exe
  2⤵
  PID:15916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5252 -ip 5252
1⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 6796 -ip 6796
1⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 11684 -ip 11684
1⤵
PID:13416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 13084 -ip 13084
1⤵
PID:13688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6856 -ip 6856
1⤵
PID:13836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6880 -ip 6880
1⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4292 -ip 4292
1⤵
PID:14652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 14448 -ip 14448
1⤵
PID:2000

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 584 -p 3948 -ip 3948
1⤵
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 16628 -ip 16628
1⤵
PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12871.exe

Filesize
468KB

MD5
b6ddec48162075d404f0b171a2f87f5c

SHA1
b7c89da9cf6efab49921ff066b7582682280bdd8

SHA256
b60323ca9b0f628e49c6216ab29510eaf019b68b03ff70d53afc42aa4e9dfb6f

SHA512
dbafe47b09fe7ae75a843c1733e56d33264988d3cd2742d4ec448dd24085bff02cb4936738cd7be84c6affb13d53b9fdfe4fe09f33f5378d698a94cd053d64dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13317.exe

Filesize
468KB

MD5
db3c76b4c907bbf5549df7971b39f550

SHA1
43cf6199ced2cded69096dd0e9c465a135c7cad3

SHA256
e739ad0c8d3d7e1dc1f50f216146dccaa5e2d908c9eb424dc5f3c650b741c0e0

SHA512
136550477a6d61b8f07557232661a6996a0e6aabaaab49425eaca16e83b57d99a7f2bf24578248174bf1bcb9dcb4488a603af4cff41b094e52901cb732b2b848

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe

Filesize
468KB

MD5
8251f26cccdfe7112418d7e5f6b0c9b0

SHA1
5b7704a01896e1d072919d3c314b51bb8e739830

SHA256
83e4a84b059f3b989faa525c1c7563ef7c80f08656e52a9b198f2316466ab1fe

SHA512
3ad6276365c6896933e8601a80a3effd52d09e0b23f91de2dfa40a9ca88b8b2208322a9c1d6577ab5a65db05abc1cbebe5df7f8b39a4700583865050c44bf532

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16380.exe

Filesize
468KB

MD5
837f6f4d6fb23e7f4b5cdbc72a650fc5

SHA1
bae999aff1773db3cb71bd6bce612f2d15f30fb3

SHA256
d145932764195837e36b3b3381f85cc8c524d36a22055f56cc33d5f23fe75299

SHA512
35810cb78bad5b6ef1ea029636115d2a900ece7d07474f76570b2894e954c1c03f4195f7caf6e10dc845e9d92fb1523ad22d3a3ce3e24c1d2e6c01090d632733

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17458.exe

Filesize
468KB

MD5
fddf8f6786e4ac9589298a5064c19b56

SHA1
d037ee27d5a4985251e412d35e3d2ee15a352a22

SHA256
62615ac73fca60a5a9de2c7bbbbb43ea5321f29d19474a6b12f6b12c7272074d

SHA512
0ad83d8b1d7b21d9031a83c07dc2e69b0402d7f757bc130a59d16804b5c5e06b4f1a032af5caee4723111277ef3b91b1e261bc865d9b4407bd1f2a579532c6c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe

Filesize
468KB

MD5
db6f0ce66d3485f4cac232e992286754

SHA1
95d92ea9aa26eaa6df611efbe8bcd9ba1fff48d1

SHA256
37a634e11abe28b822690bd99eb2114b2e344f1c708558a8169813be646e872f

SHA512
9680ee9d3cdc960ed4225716a1b0498110c1d148789fc2e4f389bc5aee9c51d8c6e71a9349a45031893730a4e6e9594fe780c824bfd5c1d3a818759981fb1086

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe

Filesize
468KB

MD5
51cf4e50c6980faf83661c46c4b78aa0

SHA1
ba3f36ad9718df02a8996dda909b7ccaca1da60a

SHA256
188e2a84081319f036687cef450a4c61e362e725d2224ab9ff52f702ce99158d

SHA512
82318771cf052602e53fc6668beff61efa3827aae4a5ed1d6e44643793d2163817e8f2ae3ed679bf4bbc3cce4118d511c3f0cf69d9daa2c1f6dc41b8d988344d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22913.exe

Filesize
468KB

MD5
382cf560cf95e7d13d0a025def7c7cf7

SHA1
0fe106354c31e99772c8e65a0d29b7ca8d905a01

SHA256
3b96a3dcb0cc94e1729f0f7687824b2696e4bd3fb87296c4a20b5fa7ef276e07

SHA512
49653dcf1c9742c5db60f8178df98aba0feba50766b6da7ec37fb6b6c7f96a37da66327e7d01ede495f6ecf76a7ee7ca74494a2bd3bc14fd6aa4d6301d25c99e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23178.exe

Filesize
468KB

MD5
157dde4aacbbf1ea487576baf5a43049

SHA1
c449c5f3b20f3c5de7c3578eb8bc466f54b24f97

SHA256
bb64221b78bfe9cfd13b0344e73f3bf0cde6af2ba3d9872be150b92b43627b21

SHA512
4af667bc45d243ef8cccb83a8171c5806256174b4f18a8a089955ee1341f90cd1904409f2392b11472b06e9ef14f5af1c024c542c0a1ea5a562d360cd9b70bbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26534.exe

Filesize
468KB

MD5
d7170aefba814b6869fab494ef27edb8

SHA1
25c6500c99c0e667bee2eb1c04980625b9423256

SHA256
f4ea1a4d913746df8599c56c463ab0c441aed452b972b798c102be9b297ade3f

SHA512
49044906ce263dc1d677ba62e4e9879f20b611dd9715394ba5b1cd0c0fdc26956b4c553524b99f07a4032cedf95791ed0852456ac46c076a94044eee0d196ef0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe

Filesize
468KB

MD5
0e54e28a0dada2cd4914bbc7dd20f252

SHA1
c2fff17cf94dcc8f1cfdea61e046b65847ec8934

SHA256
1f1cd13bd6422e95f59b75385280b253deb9088b6c4f28819740f4745b365b40

SHA512
a63a658d668cc955d05f66743f79552bc452045b8aa76c9c9b902f73ed91a5ffd2bb5c75a3cf29e9046f8c0cb61ecb38a0332930d98cbec58e3891860705b558

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29378.exe

Filesize
468KB

MD5
339150e5c0834145cafceba380237c11

SHA1
38fb739bd65c8511ad5cf0450f308086ce200a8f

SHA256
98044eb52bb5f58b34cfb9846732c52b271fbe69987e4112db9634b7919bbe0d

SHA512
141bd44c65c9cbb4c1c528a18f5984c4fbdc856b459a269a18dde7a9e4ce02dc3895caa12b9fff84b8593f13629900120d6d1b1b852be8fa941ee151e62a281e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29954.exe

Filesize
468KB

MD5
72310ec8fe2859d29b882443abcfb704

SHA1
ac65d3a8ffb2379c9629bda5869bce7bc2b5fd09

SHA256
b19e514f9305649a8f58c1cd200f482df50207a53fcdab0c970ce2130019bdb8

SHA512
7ce47ef06b710d3c541477c40fa972f8536e8ad7890bfdf397e9db8baf52838e3080ffd843b69a7dd4964e764c12d37dd55395476517622baab49e6b0159f7fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe

Filesize
468KB

MD5
d34b03fa9b318074fb68546dd7b44901

SHA1
896369076a094183d0a45dabe43010b90029c74a

SHA256
8c52fff2e2b3d407f2998cb54092c891540ef846e555452ea6d7ea0a7beb8597

SHA512
818965bb64c1fe112a8fb97124f11a8f2b6d7d94d6d7bd7b514ae4ff98743fd0c294e87b1567c472706e00b72ef2bd9b9dbecafacccce1d4f5396062dbf0fab9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35688.exe

Filesize
468KB

MD5
dc14f36c66b2cc243fc5b9bdf278182c

SHA1
201ed68e0db15269af66becf68a63725ea0be778

SHA256
35eff86536fcfe353f32e49aedcfb34c7e519ad591417f454fdf3e0d85b1f4cd

SHA512
a03706a1b8b6aea79ef045e66af30ececbb66aeb9ac12cffbcf3976f2c95d32cc5caae6542d784682dd393062a3a76634664fdde3b9573865494109e583c95fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe

Filesize
468KB

MD5
799ac848a20666b02e4e5d53178eb690

SHA1
6844699953dc83d1e40ba31a56ac74337f6870c1

SHA256
06f74328dd4186fb36aedfd1c6e9da082cc5d1ea747370ad224be539141a6028

SHA512
d9221048a4ed1baf867edeb50a907404fcd2ff8e01850abfde09f2ee25d0f3064288b99e86a6391b3d2ca6e63bbd85623ce0958842cc37dcb489799ac6117546

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39492.exe

Filesize
468KB

MD5
e02340b69f6c3115f4ba8f06ee49cb5f

SHA1
301ae4d43be622db7336b13e2177ef94fae32c45

SHA256
aa0de60913f29dda4e4524273a441bac176fb9591553363bcef338f48d1f9187

SHA512
d956e470634ed2fd148ebac098ea4c744af1f2adacd87a56a0537909a37150f20b852e19833ffa0e3d500db8a9cda667b24fcde8d399a43bd8cef97dc096f019

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40890.exe

Filesize
468KB

MD5
e07d27a7c7a3b3c3e88718140794f69e

SHA1
1ce52f07ce688635af597f543fe363a99b9c5adc

SHA256
af1f883e3a5e186f9b0b86a33ff163231f6478d097f20f293509b5f39421b65b

SHA512
1bffa9c808b751c396e74f689d0d0f5d5ced12fc71948c7fc47fb53ad333a671f9ba7d4237b5816fdcc44fc90308d3769ebe24bdfa69e687e447012085922cab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe

Filesize
468KB

MD5
9ce8ec8fc89b7d2bb29e0fe96174e188

SHA1
7fe100629eb34ba4f137dc71144c15873b81a969

SHA256
3483c364036950f66e73450e4fef4ed2b671165419b78a6f88fd300a10aec5e9

SHA512
574b3d4710c57138d9b3c637e517d48cd1be82bb13d319ba785a840e72aa8ca3a8e32dd695a2797ce5bab97cf1eccd7689331f918570984145346e50c45011ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43302.exe

Filesize
468KB

MD5
906c4716d9ac95034ad65be85d9208f1

SHA1
25bbb3a0769227be505be995173761ec418b20e2

SHA256
daba7f10e755a64d273e5a74e5230288e904c1ae7af76efce880bb53e5f88796

SHA512
ac1bd83b8eec9eff420471c9b709d711b2c02f1e55afa177586d0874e9bf0fd80b903db0d599bf8d8acb51ec19c4413a7498b3e4d00d006029625c408ac983f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe

Filesize
468KB

MD5
54116962f4f61e6f0392f7b6db6cbc68

SHA1
27aca265d87064465a6cd4ea805e93da27adcd80

SHA256
16e25bcd420bde57715968f7be4695fd31d718f0ad71c13f4b49b0f7658775b4

SHA512
c2987afa1ad1bf2c1ddfed524e4ce16c4c93f362c973591c21501862d7a85c96262b401b68291333791da0124440f4fece10dcb58e79af7c0e71366a0726b9d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe

Filesize
468KB

MD5
e4eb774760c197962854383515fadb4d

SHA1
8b7ceb0c053ce52f8de06f40080f21a56875daa1

SHA256
48e211d7ff00e9c8a81dd78f99f1b44a2182f941d899c7e6e1188f6befb277bf

SHA512
72e501971437b634050692b1ed0afe9a5b634cdbc988bec11b25fc957444e7cbddc86810b82ec99fe20217615b62515c949e8560ab77dbf56ba8f74fef923a38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4703.exe

Filesize
468KB

MD5
9b5aff1d8beb1d1b5e9da006bf7b57fe

SHA1
1039ea1b24552b3ce551d9e0b02b7a2e4f6fe9fb

SHA256
0e5aa7ea0d4edbf0ea5fb2b51df70324ced311d2e77d6ceef9554753c6efeadf

SHA512
963347a6f85cad3266a208fb964a9b27263381a848b42198ea1fb1c45d4c803ce22a407ee4a4454f63aa39b3762fe55e5fa3a17491aa9e941637872f82a1b87b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47106.exe

Filesize
468KB

MD5
9a7fbc373bf894ad797c1d94e4b757b7

SHA1
02e5cd408611927403cf52a68d9dbee2adc41222

SHA256
7f6156b521d10f3d8a334102fb8fde668f99aadf042dd3a8eec11154b1c513f1

SHA512
c63f4fa76e69b60b32582ca76b5ff50f13e17c303b33e8bfdfe1877d32de097d1b514ebb4c6058dafb3ebec0fef3a4d707e7f877843fe3cb8f874bf6b45a6190

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe

Filesize
468KB

MD5
ca39093a71fc0e12f24e7885dfe1e409

SHA1
2af9cad424fa420faef79547743ecb6217253ee8

SHA256
f89e5e2f82ec1406b0001b5a161283c627c1f4e3662297791419ea4052b7e88f

SHA512
ad5ce356d58c6d50ec9e79edaeffa946669c62c4a28a2c42bbab4db41bb747b19260098b7817d9313dbfe5cb700beb7646eaa7a1dcfe7c1ac3fe018a31837220

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe

Filesize
468KB

MD5
b5fb00bd1dd66c08e40f67fdc58f60f4

SHA1
6e2fbb3a26c7b78196b63893458abda51ce539e2

SHA256
ddee18061171f404e33fdc3bd79b0183d91126d8d0483900c40391dced5ddac0

SHA512
1b1094cc6b782e1a4524ffb647819598dc0cdc62bb4b8920352e147744f4ac62a6c2a7e2369b00eb604ac48d4ab244d72328532bece781a8142fec9c03b9e934

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe

Filesize
468KB

MD5
7e92475e1b7f9531a61824fcf211e442

SHA1
fe7aafadf88e6b146e1c8c47f430810b9c35e1ea

SHA256
4d6ff35fd1b4fdc0c056694c6d879d47675bdf36ed675c04d1eb8bf818782a0e

SHA512
067929b8e9b42afd5b63f12e4d96f91f49c7d49fa68331816392515b41ff606b409694ed8820bf346a287bbf30610091ebca5d8d52c0ff06ee77e39ae15f9894

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58564.exe

Filesize
468KB

MD5
d2fdb492d5a7fd4fa22b47eaa2da09cb

SHA1
90dd4203c66ee6b6589ab4f38afb77b127952b0e

SHA256
a6640c7ab4d2db05226a83277ec71bcf7a141d1611fd5d3b0ab310b501af24a5

SHA512
b8de9d34adab7aab243fa2be1790608cfd5afdbb83e850103b9c6700c55d62b065764cf77ee3eff13dfe5a734a1c032decb4ef892d3c3a50569a6e187c146c51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58989.exe

Filesize
468KB

MD5
e3954ed45e39e808c489628bb6851183

SHA1
cd981d65d94ec0f656f87f9671139cd08a5388a9

SHA256
f17db7e751daf4ce9b4916e66efd35a878d0c2f0bc318dbaa37498d73fbd4213

SHA512
456a6762023b2fe57652e0b4e1c3d8a941053febee5e625e047aab93a60cc94ce8f47cf011c8a4348e8a772af3b1ed160f512f92564aed9e21f9e48afa294438

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61588.exe

Filesize
468KB

MD5
7773dad76d3e99a598c36e3f1e07acb7

SHA1
a0135101a91899b482e8e12c9b7ea08c45688b9a

SHA256
686ba72fde8226266f949de750599e76b3681c1858305f0818f103e6a46668ee

SHA512
297ad6f0f6cb7dec4207a40757d5c667cdf4cfaecc88bd1a3d8f8aa6592dfb2287a48e0fd94413bf2d46ce4979e86a9c88c2bd85b277b8e03c222d42f2af5504

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-619.exe

Filesize
468KB

MD5
35490e82faa7c51ef194319350c54c1f

SHA1
c3284cf6a39215db0446a566c1c09572a99a1d13

SHA256
2caa09dd3d08a8733f187e79fe5015d987da029b0e3d6a9400cb08438a668077

SHA512
46aef0d30e4754ecfc9460d8b49a3030af770cfdf64a255d7ac75aa34827a90c94383dd519820ad91d0542a8c5925cd9f4c5298a9992589b744ef87ec14086ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe

Filesize
468KB

MD5
06c1d20744c8ad4812726c4d6fe1be64

SHA1
c0b2dbef2354364a91beffa55578e043c60f8916

SHA256
5f5e50eabd7bfeb6791b510eb85473ec117c824f14688af96457c0f9fa2a6f43

SHA512
88810d19701505ebcf2017ea7facd3fdab24ecf71e23747ad32b2f9c3e1ed53c9b6d5d0a01b6b5cf7f648a7833629f280cc54747cc035f2b9783b4087a8112b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe

Filesize
468KB

MD5
d438271b721510edbf9ec461f4f47e4c

SHA1
e53d8399309abde1e2433d7162f54ec57d46683f

SHA256
9e52702ca1097c051872e39f31b13d37f8884376c4a08ad5ef125e19a8b48783

SHA512
e6584755d288c1c349fd29f0d668788c0aba28d5c7b9067f8ef605b27107a67e546f9583dc7322158f9a76e4ecc85dd4849078aff2cb0589468c8e95b545efaf

Download Submit
memory/16840-2478-0x00007FF84B580000-0x00007FF84B5D9000-memory.dmp

Filesize
356KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads