daa3d8d0ffdfbc513fbb69e76cdcb948dbe1c2b2e3b0d62170821ae25772a2cf

Analysis

max time kernel
150s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

640ec203b95ae1612e4b4ace3a1fb400_NeikiAnalytics.exe
Size

184KB
MD5

640ec203b95ae1612e4b4ace3a1fb400
SHA1

1bf3767b3085ff1808e2f4dff003601468509cbd
SHA256

daa3d8d0ffdfbc513fbb69e76cdcb948dbe1c2b2e3b0d62170821ae25772a2cf
SHA512

d9cb9df09af31b9711bbe279e7f22c585ff32db1986923f6123ea0b1ac674ccbbc0aef7474267bd879f72463da7019d6a9beaaed492a86d12d239b94e0641e39
SSDEEP

3072:CZVevkonE20EdV62W+n8lCyq3vnpnmiuCSJ:CZPoOAV6G84yq3Ppnmiu3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
788	Unicorn-22680.exe
396	Unicorn-38632.exe
3752	Unicorn-2923.exe
1316	Unicorn-22504.exe
3228	Unicorn-52332.exe
2756	Unicorn-21928.exe
32	Unicorn-49923.exe
1832	Unicorn-25989.exe
3948	Unicorn-55516.exe
4336	Unicorn-8775.exe
528	Unicorn-51270.exe
2348	Unicorn-24536.exe
3304	Unicorn-40872.exe
4856	Unicorn-37726.exe
1760	Unicorn-24463.exe
2316	Unicorn-14468.exe
4712	Unicorn-10062.exe
4492	Unicorn-62024.exe
4568	Unicorn-45112.exe
5064	Unicorn-58988.exe
2276	Unicorn-12247.exe
4476	Unicorn-28584.exe
4788	Unicorn-45304.exe
4528	Unicorn-16005.exe
1884	Unicorn-9874.exe
432	Unicorn-65132.exe
1768	Unicorn-61676.exe
4312	Unicorn-8997.exe
3108	Unicorn-61676.exe
5020	Unicorn-7074.exe
544	Unicorn-9943.exe
3336	Unicorn-55807.exe
4964	Unicorn-60021.exe
2976	Unicorn-3621.exe
1288	Unicorn-39771.exe
4200	Unicorn-1412.exe
512	Unicorn-62543.exe
3308	Unicorn-18408.exe
5080	Unicorn-32091.exe
1924	Unicorn-18024.exe
2188	Unicorn-33710.exe
4852	Unicorn-4375.exe
4340	Unicorn-14005.exe
4512	Unicorn-19752.exe
1084	Unicorn-19752.exe
412	Unicorn-3607.exe
3080	Unicorn-19944.exe
4236	Unicorn-3835.exe
4332	Unicorn-4100.exe
1172	Unicorn-19368.exe
3504	Unicorn-52424.exe
4560	Unicorn-59631.exe
1552	Unicorn-63507.exe
4240	Unicorn-6523.exe
2104	Unicorn-658.exe
4776	Unicorn-52460.exe
3344	Unicorn-2190.exe
4224	Unicorn-19368.exe
2996	Unicorn-13125.exe
3352	Unicorn-59544.exe
3812	Unicorn-43243.exe
1876	Unicorn-12455.exe
4372	Unicorn-55718.exe
3768	Unicorn-12263.exe

Program crash 17 IoCs

pid	pid_target	Process	procid_target
6836	4440	WerFault.exe	164
7688	5280	WerFault.exe	193
2944	5148	WerFault.exe	188
9792	6316	WerFault.exe	252
9816	4196	WerFault.exe	185
10084	2712	WerFault.exe	186
9296	5148	WerFault.exe	188
10996	5352	WerFault.exe	280
13652	6724	WerFault.exe	296
14504	2396	WerFault.exe	279
2052	2396	WerFault.exe	279
18088	5296	WerFault.exe	281
16896	4296	WerFault.exe	970
6480	5476	WerFault.exe	1024
14300	6180	Process not Found	1057
16352	6880	Process not Found	1063
11144	6736	Process not Found	295

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16896	dwm.exe
Token: SeChangeNotifyPrivilege	16896	dwm.exe
Token: 33	16896	dwm.exe
Token: SeIncBasePriorityPrivilege	16896	dwm.exe
Token: SeCreateGlobalPrivilege	17236	Process not Found
Token: SeChangeNotifyPrivilege	17236	Process not Found
Token: 33	17236	Process not Found
Token: SeIncBasePriorityPrivilege	17236	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3040	640ec203b95ae1612e4b4ace3a1fb400_NeikiAnalytics.exe
788	Unicorn-22680.exe
396	Unicorn-38632.exe
3752	Unicorn-2923.exe
1316	Unicorn-22504.exe
3228	Unicorn-52332.exe
2756	Unicorn-21928.exe
32	Unicorn-49923.exe
1832	Unicorn-25989.exe
3948	Unicorn-55516.exe
4336	Unicorn-8775.exe
2348	Unicorn-24536.exe
3304	Unicorn-40872.exe
1760	Unicorn-24463.exe
4856	Unicorn-37726.exe
528	Unicorn-51270.exe
2316	Unicorn-14468.exe
4712	Unicorn-10062.exe
4492	Unicorn-62024.exe
4568	Unicorn-45112.exe
5064	Unicorn-58988.exe
4476	Unicorn-28584.exe
2276	Unicorn-12247.exe
4788	Unicorn-45304.exe
1768	Unicorn-61676.exe
4528	Unicorn-16005.exe
3108	Unicorn-61676.exe
5020	Unicorn-7074.exe
4312	Unicorn-8997.exe
432	Unicorn-65132.exe
1884	Unicorn-9874.exe
544	Unicorn-9943.exe
3336	Unicorn-55807.exe
4964	Unicorn-60021.exe
2976	Unicorn-3621.exe
1288	Unicorn-39771.exe
4200	Unicorn-1412.exe
512	Unicorn-62543.exe
3308	Unicorn-18408.exe
5080	Unicorn-32091.exe
1924	Unicorn-18024.exe
4852	Unicorn-4375.exe
2188	Unicorn-33710.exe
4340	Unicorn-14005.exe
4512	Unicorn-19752.exe
1084	Unicorn-19752.exe
412	Unicorn-3607.exe
3080	Unicorn-19944.exe
3504	Unicorn-52424.exe
1172	Unicorn-19368.exe
4332	Unicorn-4100.exe
4560	Unicorn-59631.exe
4236	Unicorn-3835.exe
4240	Unicorn-6523.exe
4224	Unicorn-19368.exe
3344	Unicorn-2190.exe
1552	Unicorn-63507.exe
2104	Unicorn-658.exe
4776	Unicorn-52460.exe
2996	Unicorn-13125.exe
3352	Unicorn-59544.exe
3812	Unicorn-43243.exe
1876	Unicorn-12455.exe
4372	Unicorn-55718.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 788	3040	640ec203b95ae1612e4b4ace3a1fb400_NeikiAnalytics.exe	90
PID 3040 wrote to memory of 788	3040	640ec203b95ae1612e4b4ace3a1fb400_NeikiAnalytics.exe	90
PID 3040 wrote to memory of 788	3040	640ec203b95ae1612e4b4ace3a1fb400_NeikiAnalytics.exe	90
PID 788 wrote to memory of 396	788	Unicorn-22680.exe	91
PID 788 wrote to memory of 396	788	Unicorn-22680.exe	91
PID 788 wrote to memory of 396	788	Unicorn-22680.exe	91
PID 3040 wrote to memory of 3752	3040	640ec203b95ae1612e4b4ace3a1fb400_NeikiAnalytics.exe	92
PID 3040 wrote to memory of 3752	3040	640ec203b95ae1612e4b4ace3a1fb400_NeikiAnalytics.exe	92
PID 3040 wrote to memory of 3752	3040	640ec203b95ae1612e4b4ace3a1fb400_NeikiAnalytics.exe	92
PID 396 wrote to memory of 1316	396	Unicorn-38632.exe	93
PID 396 wrote to memory of 1316	396	Unicorn-38632.exe	93
PID 396 wrote to memory of 1316	396	Unicorn-38632.exe	93
PID 788 wrote to memory of 3228	788	Unicorn-22680.exe	94
PID 788 wrote to memory of 3228	788	Unicorn-22680.exe	94
PID 788 wrote to memory of 3228	788	Unicorn-22680.exe	94
PID 3752 wrote to memory of 2756	3752	Unicorn-2923.exe	95
PID 3752 wrote to memory of 2756	3752	Unicorn-2923.exe	95
PID 3752 wrote to memory of 2756	3752	Unicorn-2923.exe	95
PID 3040 wrote to memory of 32	3040	640ec203b95ae1612e4b4ace3a1fb400_NeikiAnalytics.exe	96
PID 3040 wrote to memory of 32	3040	640ec203b95ae1612e4b4ace3a1fb400_NeikiAnalytics.exe	96
PID 3040 wrote to memory of 32	3040	640ec203b95ae1612e4b4ace3a1fb400_NeikiAnalytics.exe	96
PID 1316 wrote to memory of 1832	1316	Unicorn-22504.exe	97
PID 1316 wrote to memory of 1832	1316	Unicorn-22504.exe	97
PID 1316 wrote to memory of 1832	1316	Unicorn-22504.exe	97
PID 396 wrote to memory of 3948	396	Unicorn-38632.exe	98
PID 396 wrote to memory of 3948	396	Unicorn-38632.exe	98
PID 396 wrote to memory of 3948	396	Unicorn-38632.exe	98
PID 3228 wrote to memory of 4336	3228	Unicorn-52332.exe	99
PID 3228 wrote to memory of 4336	3228	Unicorn-52332.exe	99
PID 3228 wrote to memory of 4336	3228	Unicorn-52332.exe	99
PID 788 wrote to memory of 528	788	Unicorn-22680.exe	100
PID 788 wrote to memory of 528	788	Unicorn-22680.exe	100
PID 788 wrote to memory of 528	788	Unicorn-22680.exe	100
PID 2756 wrote to memory of 2348	2756	Unicorn-21928.exe	101
PID 2756 wrote to memory of 2348	2756	Unicorn-21928.exe	101
PID 2756 wrote to memory of 2348	2756	Unicorn-21928.exe	101
PID 32 wrote to memory of 3304	32	Unicorn-49923.exe	102
PID 32 wrote to memory of 3304	32	Unicorn-49923.exe	102
PID 32 wrote to memory of 3304	32	Unicorn-49923.exe	102
PID 3752 wrote to memory of 4856	3752	Unicorn-2923.exe	103
PID 3752 wrote to memory of 4856	3752	Unicorn-2923.exe	103
PID 3752 wrote to memory of 4856	3752	Unicorn-2923.exe	103
PID 3040 wrote to memory of 1760	3040	640ec203b95ae1612e4b4ace3a1fb400_NeikiAnalytics.exe	104
PID 3040 wrote to memory of 1760	3040	640ec203b95ae1612e4b4ace3a1fb400_NeikiAnalytics.exe	104
PID 3040 wrote to memory of 1760	3040	640ec203b95ae1612e4b4ace3a1fb400_NeikiAnalytics.exe	104
PID 1832 wrote to memory of 2316	1832	Unicorn-25989.exe	105
PID 1832 wrote to memory of 2316	1832	Unicorn-25989.exe	105
PID 1832 wrote to memory of 2316	1832	Unicorn-25989.exe	105
PID 1316 wrote to memory of 4712	1316	Unicorn-22504.exe	106
PID 1316 wrote to memory of 4712	1316	Unicorn-22504.exe	106
PID 1316 wrote to memory of 4712	1316	Unicorn-22504.exe	106
PID 4336 wrote to memory of 4492	4336	Unicorn-8775.exe	107
PID 4336 wrote to memory of 4492	4336	Unicorn-8775.exe	107
PID 4336 wrote to memory of 4492	4336	Unicorn-8775.exe	107
PID 3948 wrote to memory of 4568	3948	Unicorn-55516.exe	108
PID 3948 wrote to memory of 4568	3948	Unicorn-55516.exe	108
PID 3948 wrote to memory of 4568	3948	Unicorn-55516.exe	108
PID 3228 wrote to memory of 5064	3228	Unicorn-52332.exe	109
PID 3228 wrote to memory of 5064	3228	Unicorn-52332.exe	109
PID 3228 wrote to memory of 5064	3228	Unicorn-52332.exe	109
PID 1760 wrote to memory of 2276	1760	Unicorn-24463.exe	110
PID 1760 wrote to memory of 2276	1760	Unicorn-24463.exe	110
PID 1760 wrote to memory of 2276	1760	Unicorn-24463.exe	110
PID 2348 wrote to memory of 4476	2348	Unicorn-24536.exe	111

C:\Users\Admin\AppData\Local\Temp\640ec203b95ae1612e4b4ace3a1fb400_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\640ec203b95ae1612e4b4ace3a1fb400_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22504.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25989.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9943.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50904.exe
        9⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9703.exe
        10⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41067.exe
        11⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        11⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        11⤵
        
        PID:17548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
        11⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
        10⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25080.exe
        10⤵
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22434.exe
        10⤵
        
        PID:17476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        9⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3800.exe
        9⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35689.exe
        9⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        9⤵
        
        PID:17508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47183.exe
        8⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        9⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
        10⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
        10⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        9⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        9⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        9⤵
        
        PID:18172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
        9⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36371.exe
        8⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
        8⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        8⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        8⤵
        
        PID:18276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21136.exe
        8⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51096.exe
        8⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
        9⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3137.exe
        9⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26751.exe
        9⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
        9⤵
        
        PID:16804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
        8⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44466.exe
        8⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        8⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1089.exe
        8⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44006.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        8⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 692
        9⤵
        Program crash
        
        PID:18088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38232.exe
        8⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
        8⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        8⤵
        
        PID:16956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36408.exe
        8⤵
        
        PID:18300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
        7⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
        7⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7032.exe
        7⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11994.exe
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        7⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59397.exe
        9⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
        10⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63250.exe
        10⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe
        10⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49207.exe
        10⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34849.exe
        9⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        9⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35506.exe
        9⤵
        
        PID:16916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1950.exe
        8⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9960.exe
        8⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        8⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        8⤵
        
        PID:16708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
        8⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exe
        9⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12865.exe
        9⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7169.exe
        8⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12257.exe
        8⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        7⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11409.exe
        7⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
        7⤵
        
        PID:15948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34139.exe
        7⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 636
        8⤵
        Program crash
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        7⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29458.exe
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
        7⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6008.exe
        7⤵
        
        PID:16584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        8⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
        8⤵
        
        PID:14952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60409.exe
        8⤵
        
        PID:17848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        7⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31848.exe
        7⤵
        
        PID:17436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29543.exe
        7⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56162.exe
        6⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23962.exe
        6⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48128.exe
        6⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
        6⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10062.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
        7⤵
        Executes dropped EXE
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
        8⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12986.exe
        9⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
        9⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5247.exe
        9⤵
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        9⤵
        
        PID:16896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
        9⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        8⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        8⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
        8⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
        8⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6926.exe
        7⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15287.exe
        8⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
        8⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
        8⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        8⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
        7⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
        7⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        7⤵
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41022.exe
        6⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9303.exe
        7⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        8⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15544.exe
        8⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exe
        8⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4511.exe
        8⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        8⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        7⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        7⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
        7⤵
        
        PID:15412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        7⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        7⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
        7⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        7⤵
        
        PID:18152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        6⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39200.exe
        6⤵
        
        PID:11528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64505.exe
        6⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57947.exe
        6⤵
        
        PID:17592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60888.exe
        6⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41016.exe
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
        8⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        8⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
        8⤵
        
        PID:15596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        8⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35233.exe
        8⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40353.exe
        8⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
        7⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
        7⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        7⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        7⤵
        
        PID:18304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        7⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56319.exe
        6⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
        7⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        7⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        7⤵
        
        PID:16156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        7⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
        6⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        6⤵
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11994.exe
        6⤵
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        5⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        7⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        7⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32633.exe
        7⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        7⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        6⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
        6⤵
        
        PID:15576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51987.exe
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
        6⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25960.exe
        6⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58345.exe
        6⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8225.exe
        6⤵
        
        PID:17916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        6⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42302.exe
        5⤵
        
        PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
        5⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30896.exe
        5⤵
        
        PID:15032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51065.exe
        5⤵
        
        PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55516.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45112.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5159.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9220.exe
        8⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        9⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
        9⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14184.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        9⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        8⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
        8⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
        8⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
        8⤵
        
        PID:18008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55359.exe
        7⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
        8⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33384.exe
        8⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
        8⤵
        
        PID:17064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        7⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10584.exe
        7⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34686.exe
        6⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 720
        7⤵
        Program crash
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56323.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        7⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26274.exe
        7⤵
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51935.exe
        6⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53689.exe
        6⤵
        
        PID:11000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44977.exe
        6⤵
        
        PID:16188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22778.exe
        6⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        6⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
        8⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30072.exe
        8⤵
        
        PID:13352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28521.exe
        8⤵
        
        PID:16920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        8⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
        8⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
        7⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        7⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58768.exe
        7⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60652.exe
        6⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        7⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        7⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26274.exe
        7⤵
        
        PID:17180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29874.exe
        6⤵
        
        PID:11832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        6⤵
        
        PID:16112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
        6⤵
        
        PID:18356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        6⤵
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
        5⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4311.exe
        6⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37403.exe
        7⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        7⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        7⤵
        
        PID:16524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22145.exe
        6⤵
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59753.exe
        6⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        6⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40880.exe
        6⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31919.exe
        5⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27227.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        6⤵
        
        PID:13884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
        6⤵
        
        PID:17576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-966.exe
        6⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        5⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37768.exe
        5⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41099.exe
        5⤵
        
        PID:16460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
        5⤵
        
        PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9874.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1815.exe
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33522.exe
        8⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
        8⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        8⤵
        
        PID:18292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34849.exe
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        7⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31848.exe
        7⤵
        
        PID:17428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
        6⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58523.exe
        7⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
        7⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
        7⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26402.exe
        6⤵
        
        PID:11180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20879.exe
        6⤵
        
        PID:14816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13393.exe
        6⤵
        
        PID:18320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64287.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6823.exe
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        7⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
        7⤵
        
        PID:18036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24465.exe
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
        6⤵
        
        PID:12860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45049.exe
        6⤵
        
        PID:17028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        6⤵
        
        PID:17876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        5⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
        6⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47106.exe
        6⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51561.exe
        6⤵
        
        PID:17864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        6⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60153.exe
        5⤵
        
        PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
        5⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        5⤵
        
        PID:16492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
        5⤵
        
        PID:16884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63592.exe
        5⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62853.exe
        6⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
        7⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        7⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        7⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        7⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30993.exe
        6⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60905.exe
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        6⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10895.exe
        6⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5790.exe
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34290.exe
        6⤵
        
        PID:11792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
        6⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
        6⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
        5⤵
        
        PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30697.exe
        5⤵
        
        PID:13776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        5⤵
        
        PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48561.exe
        5⤵
        
        PID:17884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
        5⤵
        
        PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
        5⤵
        
        PID:10292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44816.exe
        5⤵
        
        PID:14308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        5⤵
        
        PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
      4⤵
      PID:7524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
      4⤵
      PID:11060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65416.exe
      4⤵
      PID:14780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
      4⤵
      PID:18360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52332.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8775.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62024.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1412.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16453.exe
        8⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34667.exe
        9⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25448.exe
        9⤵
        
        PID:17072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40553.exe
        9⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54450.exe
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
        8⤵
        
        PID:13828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        8⤵
        
        PID:16900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56319.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
        8⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        8⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
        8⤵
        
        PID:15824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13176.exe
        8⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33128.exe
        8⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        7⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        7⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        7⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9642.exe
        7⤵
        
        PID:18428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26414.exe
        6⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41016.exe
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        8⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
        8⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
        8⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        8⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
        8⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32562.exe
        7⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
        7⤵
        
        PID:17200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4517.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63144.exe
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
        7⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
        7⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        7⤵
        
        PID:18348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
        6⤵
        
        PID:12060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
        6⤵
        
        PID:15172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45067.exe
        6⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        6⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25064.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
        8⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        8⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
        8⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        7⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        7⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36146.exe
        7⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60816.exe
        7⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        6⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        7⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
        7⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7160.exe
        7⤵
        
        PID:17924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64745.exe
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        6⤵
        
        PID:12492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15569.exe
        6⤵
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2425.exe
        6⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
        5⤵
        
        PID:384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9220.exe
        6⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
        7⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
        7⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40208.exe
        7⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
        7⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45841.exe
        7⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        6⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        6⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
        5⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53193.exe
        6⤵
        
        PID:10716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
        6⤵
        
        PID:13424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        6⤵
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29543.exe
        6⤵
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36145.exe
        5⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40955.exe
        5⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
        5⤵
        
        PID:16088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4375.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        6⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        8⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        8⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26274.exe
        8⤵
        
        PID:17188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
        7⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        7⤵
        
        PID:17288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41264.exe
        7⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63618.exe
        7⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30593.exe
        7⤵
        
        PID:16404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        6⤵
        
        PID:13788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        6⤵
        
        PID:16888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38251.exe
        5⤵
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29112.exe
        6⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        7⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7160.exe
        7⤵
        
        PID:17904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        7⤵
        
        PID:9088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30993.exe
        6⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60905.exe
        6⤵
        
        PID:12896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7713.exe
        6⤵
        
        PID:15292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        6⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3573.exe
        5⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34290.exe
        6⤵
        
        PID:11804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
        6⤵
        
        PID:15148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
        6⤵
        
        PID:17860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
        5⤵
        
        PID:9356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
        5⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45281.exe
        5⤵
        
        PID:17088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        5⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35256.exe
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60402.exe
        7⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        7⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        7⤵
        
        PID:16264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        7⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7345.exe
        6⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        6⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        6⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        5⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26587.exe
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50905.exe
        6⤵
        
        PID:16640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
        6⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        5⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        5⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
        5⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        5⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
        5⤵
        
        PID:9584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
      4⤵
      PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14212.exe
        5⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
        6⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
        5⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
        5⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        5⤵
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35041.exe
        5⤵
        
        PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62070.exe
      4⤵
      PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36357.exe
        5⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        5⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        5⤵
        
        PID:16168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
      4⤵
      PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
      4⤵
      PID:12992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
      4⤵
      PID:16048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
      4⤵
      PID:6880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45304.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52424.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
        6⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56325.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        8⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        8⤵
        
        PID:16516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20817.exe
        7⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40265.exe
        7⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        7⤵
        
        PID:17036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33387.exe
        6⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53961.exe
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
        6⤵
        
        PID:12656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        6⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        6⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41067.exe
        7⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33000.exe
        7⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        7⤵
        
        PID:17520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54360.exe
        7⤵
        
        PID:8760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39000.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        6⤵
        
        PID:14144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
        6⤵
        
        PID:17392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
        6⤵
        
        PID:13644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7160.exe
        6⤵
        
        PID:17940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25426.exe
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        5⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
        5⤵
        
        PID:16716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
      4⤵
      PID:64
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
        6⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        6⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        6⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15806.exe
        5⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57449.exe
        5⤵
        
        PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19249.exe
        5⤵
        
        PID:16024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        5⤵
        
        PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5582.exe
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        5⤵
        
        PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36840.exe
        5⤵
        
        PID:13484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        5⤵
        
        PID:17840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        5⤵
        
        PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
      4⤵
      PID:8500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
      4⤵
      PID:12464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28763.exe
      4⤵
      PID:13532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe
      4⤵
      PID:17320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65132.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
      4⤵
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10263.exe
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
        6⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
        6⤵
        
        PID:15124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22248.exe
        6⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23137.exe
        6⤵
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11582.exe
        5⤵
        
        PID:7784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31026.exe
        5⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
        5⤵
        
        PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
      4⤵
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
        5⤵
        
        PID:11136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
        5⤵
        
        PID:15216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
      4⤵
      PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
      4⤵
      PID:12696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63355.exe
      4⤵
      PID:13632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9623.exe
      4⤵
      PID:16816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3737.exe
      4⤵
      PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13125.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31989.exe
      4⤵
      PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        6⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        6⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
        6⤵
        
        PID:15920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28226.exe
        6⤵
        
        PID:14508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
        6⤵
        
        PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39825.exe
        5⤵
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
        5⤵
        
        PID:12452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
        5⤵
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43152.exe
        5⤵
        
        PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
      4⤵
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40235.exe
        5⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        5⤵
        
        PID:16236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
        5⤵
        
        PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
      4⤵
      PID:9928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
      4⤵
      PID:12360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
      4⤵
      PID:16616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6990.exe
    3⤵
    PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
      4⤵
      PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
        5⤵
        
        PID:11892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
        5⤵
        
        PID:14560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
        5⤵
        
        PID:632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
      4⤵
      PID:9492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29055.exe
      4⤵
      PID:14284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
      4⤵
      PID:16648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
    3⤵
    PID:7344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39392.exe
    3⤵
    PID:6460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60080.exe
    3⤵
    PID:14824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7793.exe
    3⤵
    PID:18280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12735.exe
    3⤵
    PID:8420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21928.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
        7⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12951.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55464.exe
        9⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
        9⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
        9⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8225.exe
        9⤵
        
        PID:17912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        9⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        8⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
        8⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27314.exe
        8⤵
        
        PID:15556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
        7⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27170.exe
        8⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
        8⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48561.exe
        8⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39721.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        7⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
        7⤵
        
        PID:17216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37758.exe
        6⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
        7⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
        8⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
        8⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58345.exe
        8⤵
        
        PID:15196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22248.exe
        8⤵
        
        PID:18296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48264.exe
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        7⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        7⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
        7⤵
        
        PID:15552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56923.exe
        7⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
        6⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
        7⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
        7⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
        7⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35538.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57353.exe
        7⤵
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        6⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        6⤵
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18138.exe
        6⤵
        
        PID:17228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33710.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
        6⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35256.exe
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        8⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        8⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26274.exe
        8⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59753.exe
        7⤵
        
        PID:12396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6177.exe
        7⤵
        
        PID:15396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        6⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        7⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11345.exe
        7⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        7⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        6⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        6⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        6⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41264.exe
        6⤵
        
        PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-949.exe
        5⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54389.exe
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1409.exe
        7⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
        7⤵
        
        PID:13576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
        7⤵
        
        PID:17332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19601.exe
        6⤵
        
        PID:13328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
        6⤵
        
        PID:16908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        6⤵
        
        PID:18304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
        5⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        6⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        6⤵
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26274.exe
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45385.exe
        5⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16497.exe
        5⤵
        
        PID:12420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        5⤵
        
        PID:14352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
        5⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        5⤵
        
        PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9575.exe
        6⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4311.exe
        7⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40859.exe
        8⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        8⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        8⤵
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
        8⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
        7⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        7⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61135.exe
        6⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42539.exe
        7⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        7⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        7⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        6⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        6⤵
        
        PID:13288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
        6⤵
        
        PID:16600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
        6⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12206.exe
        5⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64280.exe
        6⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        7⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        7⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34904.exe
        7⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        7⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        7⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30417.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2008.exe
        6⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65513.exe
        6⤵
        
        PID:16076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25336.exe
        6⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1222.exe
        6⤵
        
        PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
        5⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25051.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30593.exe
        6⤵
        
        PID:16416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        6⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
        5⤵
        
        PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
        5⤵
        
        PID:13744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
        5⤵
        
        PID:1260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
        6⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
        6⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        6⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
        6⤵
        
        PID:17356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28094.exe
        5⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        5⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49721.exe
        5⤵
        
        PID:17852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
        5⤵
        
        PID:7372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe
      4⤵
      PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
        5⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        6⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19937.exe
        6⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51694.exe
        6⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
        5⤵
        
        PID:14748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16593.exe
        5⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        5⤵
        
        PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
      4⤵
      PID:7768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
      4⤵
      PID:9876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56075.exe
      4⤵
      PID:15044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28720.exe
      4⤵
      PID:17812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19944.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
        6⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
        7⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 712
        7⤵
        Program crash
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        6⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45627.exe
        7⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17057.exe
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
        7⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
        6⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
        6⤵
        
        PID:13572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        6⤵
        
        PID:17452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
        6⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12590.exe
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
        6⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        7⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
        7⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        7⤵
        
        PID:18052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
        7⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
        6⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        6⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31848.exe
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        5⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39883.exe
        6⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        6⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43391.exe
        6⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17736.exe
        5⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
        5⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
        5⤵
        
        PID:18336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
        5⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55640.exe
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61259.exe
        7⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        7⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
        7⤵
        
        PID:18120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34849.exe
        6⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        6⤵
        
        PID:13916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31848.exe
        6⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        6⤵
        
        PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
        5⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53961.exe
        5⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
        5⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        5⤵
        
        PID:17060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16022.exe
        5⤵
        
        PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
        5⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33522.exe
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
        6⤵
        
        PID:14736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
        6⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 240
        7⤵
        Program crash
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        5⤵
        
        PID:10420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
        5⤵
        
        PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
        5⤵
        
        PID:18060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40015.exe
      4⤵
      PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
      4⤵
      PID:11396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60665.exe
      4⤵
      PID:15156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
      4⤵
      PID:17880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
        5⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
        6⤵
        
        PID:7824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 608
        6⤵
        Program crash
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        5⤵
        
        PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55129.exe
        5⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16545.exe
        5⤵
        
        PID:15352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
        5⤵
        
        PID:17996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        5⤵
        
        PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61791.exe
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29512.exe
        5⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
        5⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
        5⤵
        
        PID:14600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        5⤵
        
        PID:18164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
      4⤵
      PID:7300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33641.exe
      4⤵
      PID:11836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27480.exe
      4⤵
      PID:15164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
      4⤵
      PID:17856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3835.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31989.exe
      4⤵
      PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
        5⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        6⤵
        
        PID:9812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        6⤵
        
        PID:14400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        6⤵
        
        PID:18024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17937.exe
        5⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40265.exe
        5⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        5⤵
        
        PID:17052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
      4⤵
      PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
        5⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        5⤵
        
        PID:18012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
      4⤵
      PID:10400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
      4⤵
      PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
      4⤵
      PID:17500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32358.exe
      4⤵
      PID:6804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
    3⤵
    PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33336.exe
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        5⤵
        
        PID:11104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7160.exe
        5⤵
        
        PID:17932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
        5⤵
        
        PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39000.exe
      4⤵
      PID:9960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
      4⤵
      PID:12356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4968.exe
      4⤵
      PID:16628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15446.exe
      4⤵
      PID:5024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26526.exe
    3⤵
    PID:7188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
    3⤵
    PID:9596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
    3⤵
    PID:13932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
    3⤵
    PID:16940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:32
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40872.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39771.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11879.exe
        5⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18078.exe
        6⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        7⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        7⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26274.exe
        7⤵
        
        PID:17244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
        6⤵
        
        PID:17168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51010.exe
        6⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        6⤵
        
        PID:15444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2657.exe
        6⤵
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45311.exe
        6⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        5⤵
        
        PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        5⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51449.exe
        5⤵
        
        PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
      4⤵
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
        5⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
        6⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18721.exe
        6⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
        6⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51858.exe
        6⤵
        
        PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7951.exe
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
        5⤵
        
        PID:12404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
        5⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        5⤵
        
        PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26527.exe
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        5⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59586.exe
        5⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60322.exe
        5⤵
        
        PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
      4⤵
      PID:8536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
      4⤵
      PID:12276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
      4⤵
      PID:15844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
      4⤵
      PID:18188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-167.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
        6⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
        7⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 648
        7⤵
        Program crash
        
        PID:14504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 648
        7⤵
        Program crash
        
        PID:2052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 744
        6⤵
        Program crash
        
        PID:2944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 708
        6⤵
        Program crash
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        6⤵
        
        PID:10576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        6⤵
        
        PID:13784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        6⤵
        
        PID:17528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
        6⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19560.exe
        5⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        5⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        5⤵
        
        PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29509.exe
      4⤵
      PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        5⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
        5⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
        5⤵
        
        PID:16208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
        5⤵
        
        PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
      4⤵
      PID:8756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
      4⤵
      PID:12384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
      4⤵
      PID:15568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
      4⤵
      PID:8992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
      4⤵
      PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5380.exe
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51010.exe
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        6⤵
        
        PID:14532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
        6⤵
        
        PID:18296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
        6⤵
        
        PID:9048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5809.exe
        5⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59753.exe
        5⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
        5⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        5⤵
        
        PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
      4⤵
      PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        5⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        5⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        5⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
        5⤵
        
        PID:8288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
      4⤵
      PID:9484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
      4⤵
      PID:12328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55561.exe
      4⤵
      PID:16056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16559.exe
      4⤵
      PID:7980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
    3⤵
    PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
      4⤵
      PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62139.exe
        5⤵
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
        5⤵
        
        PID:16676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
        5⤵
        
        PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
      4⤵
      PID:9736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
      4⤵
      PID:15248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
      4⤵
      PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35814.exe
      4⤵
      PID:8092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39030.exe
    3⤵
    PID:7540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
    3⤵
    PID:11124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56075.exe
    3⤵
    PID:15224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
    3⤵
    PID:820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12247.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46018.exe
        6⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        6⤵
        
        PID:14468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29541.exe
        5⤵
        
        PID:9016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        5⤵
        
        PID:11692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        5⤵
        
        PID:16700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
      4⤵
      PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
        5⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6826.exe
        6⤵
        
        PID:15384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
        6⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-254.exe
        6⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
        5⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26367.exe
        5⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        5⤵
        
        PID:17124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
      4⤵
      PID:7548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44466.exe
      4⤵
      PID:10516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
      4⤵
      PID:15320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48561.exe
      4⤵
      PID:4908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
        5⤵
        
        PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
        5⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
        5⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10895.exe
        5⤵
        
        PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
      4⤵
      PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19768.exe
      4⤵
      PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
      4⤵
      PID:15176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
      4⤵
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
      4⤵
      PID:8800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
    3⤵
    PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
        5⤵
        
        PID:11248
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 608
        5⤵
        Program crash
        
        PID:13652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30136.exe
      4⤵
      PID:10840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29929.exe
      4⤵
      PID:14920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15647.exe
      4⤵
      PID:16988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51919.exe
    3⤵
    PID:7656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54176.exe
    3⤵
    PID:10504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
    3⤵
    PID:13688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
    3⤵
    PID:17464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7074.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7074.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48133.exe
      4⤵
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4311.exe
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11082.exe
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        6⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        6⤵
        
        PID:17492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32728.exe
        6⤵
        
        PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
        5⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31631.exe
        5⤵
        
        PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        5⤵
        
        PID:17252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
      4⤵
      PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
        5⤵
        
        PID:10800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        5⤵
        
        PID:14292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        5⤵
        
        PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
      4⤵
      PID:9940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
      4⤵
      PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
      4⤵
      PID:16592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41969.exe
      4⤵
      PID:5476
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 80
        5⤵
        Program crash
        
        PID:6480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16347.exe
    3⤵
    PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
      4⤵
      PID:5352
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 640
        5⤵
        Program crash
        
        PID:10996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3121.exe
      4⤵
      PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41728.exe
      4⤵
      PID:13140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45049.exe
      4⤵
      PID:17044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
      4⤵
      PID:3532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
    3⤵
    PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52427.exe
      4⤵
      PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
      4⤵
      PID:14916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
      4⤵
      PID:1492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
    3⤵
    PID:9996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
    3⤵
    PID:13896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10305.exe
    3⤵
    PID:4916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59631.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59631.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65512.exe
    3⤵
    PID:5280
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 632
      4⤵
      Program crash
      PID:7688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60959.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60959.exe
    3⤵
    PID:7360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
    3⤵
    PID:10992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
    3⤵
    PID:14772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
    3⤵
    PID:18268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
    3⤵
    PID:4044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
    3⤵
    PID:6768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42504.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42504.exe
  2⤵
  PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
    3⤵
    PID:7944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
      4⤵
      PID:12188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
      4⤵
      PID:15348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
      4⤵
      PID:1928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15960.exe
    3⤵
    PID:10952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35984.exe
    3⤵
    PID:13608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
    3⤵
    PID:18032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
    3⤵
    PID:9204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
  2⤵
  PID:8012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
  2⤵
  PID:11976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
  2⤵
  PID:14680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12864.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12864.exe
  2⤵
  PID:18344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4440 -ip 4440
1⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5280 -ip 5280
1⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5148 -ip 5148
1⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 6316 -ip 6316
1⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 132 -p 4196 -ip 4196
1⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2712 -ip 2712
1⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5148 -ip 5148
1⤵
PID:9808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5352 -ip 5352
1⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6724 -ip 6724
1⤵
PID:13596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2396 -ip 2396
1⤵
PID:14460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2396 -ip 2396
1⤵
PID:2940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5296 -ip 5296
1⤵
PID:17988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5476 -ip 5476
1⤵
PID:5924

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10062.exe

Filesize
184KB

MD5
fa13221f63d3b690444268ec8c5dc90d

SHA1
a6a0543e65e908bf729d7f5525642b1d23f53759

SHA256
7f75d72f40c857893a76e2203a106a90f13415e35163f3925104dc1a90dd5550

SHA512
d5c9df267f73d68a86fc852975726a78b468c73f6b10970d0ddcccf78d259e8bbfe23dd1c991643f007792795962972ee6d5bda454ae4cdd628b0704e832d0db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12247.exe

Filesize
184KB

MD5
12d706e035a70838ad8aab46fa298c69

SHA1
f3ef1d0f044da029e053039d99c0056d2f927df3

SHA256
201063b8e16d2167397c56492d9c64e3d1ec4051eb9c362e565e6198027ea15c

SHA512
bdc8bb5ce7608eba2bc671bee6b6bf3b84812170463970094f03090482b886562ca547175531631adb4ad7264f9f5c23ed56ed25a0aba61044c291f00beb36bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14468.exe

Filesize
184KB

MD5
fd5d598a341388d1935875cec8a99e72

SHA1
ed94f87435f28cbcf087c247c3cc0cdc39343cb0

SHA256
55e4e4f24809953d686ce5b99e6a5a09cdd663e28b6c8d07441d3fab69485cdb

SHA512
5ae7aa9c0db312058ac5620d9f92353cc23b94ce98e98793d2b9fcae35f8b79f199db9cf25e6d2f74de77a596dce9f70e8eda2d3073e83b2d84d7b085e3a7909

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe

Filesize
184KB

MD5
e914222d040eccac273dd1037248fbb5

SHA1
1ad0eea2d1f3e501f5b7a345e644e418fbe44b4f

SHA256
b655a60f8fe07087025758bade7c1c0d7d73575703cde0805bc8e26484c8276a

SHA512
a787b2b3e00644aa844ca110d69a5465cfdf19d8a0f629e8e95c08fc2c24e0851d2f71cedf75618459d62f2de206a66f916a4d82d99beb2c5053ecae00ddaf36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18078.exe

Filesize
184KB

MD5
2ece3da127687f2ae2af136b83ace2e7

SHA1
91d83101cbaaf28a41fecde87d92dcc8e6d0601b

SHA256
53ce461885f0020e8a9ff8ea955016e654386a77ff0c1fbb3a0dde3bc89b6a30

SHA512
1b6d354885cb9b593efdd3b98b0e567e4416907a7f7dcd2321e9c23868822119144c12db85f8fd5261ef76b66f163cc060b4f769a1c2386df849bbeb495652a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21928.exe

Filesize
184KB

MD5
5028b8fa8e1d54a3189ecdb5b9e08ccd

SHA1
26a8b98357608d835f2a8572f9bf3fceba2b1c91

SHA256
1752107542e1846be9695ce100dd86189be96205cf83711a66fe5e7d8b8849f1

SHA512
72f26e08600a570064785f76dc36896b4b27cb8c7df6fadcb91b757364c541a395c783df05bb8a34e72c48f2379c1c45e82df3b8d72399a48f1e90c66467e703

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22504.exe

Filesize
184KB

MD5
b91e48c9636f6fe16a17608c617f3348

SHA1
8c4eb73e0d866b7a6c02feec7b10ab7868467bc3

SHA256
4dd446256ea5f67159d23321245e5ce80c3318078ff44c4b9d36b28e62d447ff

SHA512
f1526551eaf3aa6bd6c320e9dc259cf85938cc4beca79a7a4c1fdfa048918f216ce1d91fbad4b286ac39c75c478d805b1d4fa1484034db2c375e5d20afbebbc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe

Filesize
184KB

MD5
4ce4e43894bdb5d181cbea341fd75a4d

SHA1
3b33e89e980f3e311894514efa00be7deee58357

SHA256
7a19406ea2cfcbb4af5639157ea9fdbd5657a4e8acf259b6ce3cdefafa99694d

SHA512
9a6baae1d48ee51881af0145bb4f18a55d014a5feb109a2fa0201794681c09eea247b3c740747887ee1b28998a879129874538ead4bd49e3d81b904b4c1a9446

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe

Filesize
184KB

MD5
91d7c4fed0add9c9b763abd4c3a3a042

SHA1
c1ca4fc7dfec3abd747bd387e3a6a8c17a11fc62

SHA256
f8522304e8a6a9782c6d7010a6bff26bd3e3128be99b978b9642d3bf7060dd45

SHA512
4bfbd5a7b7a223d7dbdcb34ab5ecb38d1bf812064bc57f367e7e8324497da38f7c73304d5fcdd6a08ca60c6ca8b6dbbc29a81205575d69bfdd288b37fb05c425

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe

Filesize
184KB

MD5
62cb7ec192e7c4533120781478408494

SHA1
afda644f4977146d60960e4e500f7bd1d32c1320

SHA256
e2210c9eda05f0980ecb92369b1e5e8b78d8eb70496aaf16d8a1d60a4d011ea1

SHA512
0db48e1f51c9beae8fa242185f347d18e0983f507c3393e9f0d90fa151aa37ed53b8a240a4925ca6be3bffc0439336158a09b1f51ddbc7bfb8bb2b0175dcda13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25989.exe

Filesize
184KB

MD5
a1d399455cfdc4b344cbeb85023314fd

SHA1
6a906c9ef527deba12593c516c01173d38bbe6ff

SHA256
31d6d1ecf6966cd108d950e50bfa2e365bff7ae5f24253a2e41e847f4bbd6e7c

SHA512
cc4b169932d73ee7ac2b0c169d7f1342598f59daac0523e4681e32bf592ab198ca27ac875a8447b6c726129fedfd0250bb2f8e7f4139cb41fcfdd96e20dd44a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe

Filesize
184KB

MD5
5ae856a514ce73c6ead88395153bf339

SHA1
8b06ab421a230b8d920de32e84b15fef3df2e6bd

SHA256
0cdf2b5de604ee4f9dd8a065aa08d73c1a1b7437a89487c66eec52e1756e8ad9

SHA512
6cb6f1c44910ccd0e744ff0374e099492ea763bc54456bdfa0d9cfb272cc81840621d41b1743b15bfe1df834847998cb81687a239d7657ff843e0d8703b0240e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe

Filesize
184KB

MD5
f820b6502b94ebf61970b50e233a362d

SHA1
a8274da6d160ffd694a859688e4bf35657ef9f90

SHA256
b3836e94a78cd6f1cd82e7ff7239957c7f6c9099017edb6a94b3cdb77b4a8c17

SHA512
0eab4af4106079e28751cc0857ca50c8981ca68654295a97cb8275ca4d11060c92408a031c843a124b4c56f769028908dc5997bb7cb2dde27128b4c23524078f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe

Filesize
184KB

MD5
78820c57e82e21e07b0bbe420a814b0b

SHA1
015edb72819174d5f5b91520ac72733a65520912

SHA256
c825378d4aef5509357964454957c1c4e17d49c3687790d51433f004d692ef78

SHA512
5d8f7111efad316e66dad4bfbbe61c252f3dd73685872e2d52d19909ace924f9c556fa43ddb67bc37acbd6034ffac688b19b394ef11928d00ef5fb036e32b707

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe

Filesize
184KB

MD5
0b5da99bd93359ade9c258f39884fc03

SHA1
eceec13db086394747ff9f26de0f5906ebbe0a58

SHA256
1d2e3ea394ee84490d5c4aa82b386f7d7d0bbb4c520d4c04b67f690cc860fdbe

SHA512
d0549ebfdef055934251f87d3f243f9c78eabda3191df191705c21ff96d6871e3b1897a3eae4904197cfa6a5da4cab4959a7d5c2fb448021ea0a35e85fbba990

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe

Filesize
184KB

MD5
88e4ac79191ae85909822acf52ec6918

SHA1
e2e55e41d3ff9f78bdc1df9c94591778243c9055

SHA256
8f5ab9687aa87a8159222f3f2213ec4d0b7d09a4c33f3e2a5c1728efda7db9dc

SHA512
8309c825344a7b4d2b9709aa5ee9e0919f484cff71cc274ec58bcf924f04916453de4d7ab50be78b9d75afc57727ffe1d3022b0f068d825f66158f0c2143383a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe

Filesize
184KB

MD5
9a683aca2b97612f062c1ab48d5d2065

SHA1
180c67f904a895d1b3f0ce88b8ff280a6f17ffef

SHA256
2ab8f1606385f46908e73cf02f548ce6a16beebe626bfe6107d76bf3a2f9a1e8

SHA512
1e1c8b713b495fb1a11385dbc5628014dc13eb04018648e6f64fdf4fbd07449f765ff1ab25d47fd4ac2296c1e3077a1f8e80cbfe77c66f7ecedff9207f7c99b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40872.exe

Filesize
184KB

MD5
8bc143622811524fc170bdde9e579c17

SHA1
69507709af4de962fadc38f063f7c3065fd8801d

SHA256
e3a49a8c01dcc27d7b14b36ddae97be8ddcae42b33508f4fb857af4360761ad8

SHA512
9634693e8fc0acd00ff6ccd5edb2d6bde6c4880285e66e66186f4302c4c7973b95a2c51c2451e1c136094a29597f98d57f6856cde65906cf4875d5598e6c0dca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45112.exe

Filesize
184KB

MD5
c63db77d7677c83ea12a8574df11b4ff

SHA1
f1fdc3b064250b9ee53412bdb6e9f1c15361ca2b

SHA256
506bf9198d7b20610bc89a3d796d4104a967ac1d756881951e8632c95c454458

SHA512
dd993ac47a9fccc59a17627b561f347efd23180b820b3307174e49c566ab1a906964d53566e474af53730b5c90bf9ecfa51fa9a0bedfcfecf170521f5f8606eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45304.exe

Filesize
184KB

MD5
ba0a6cf87aa67c38c77f30fc1fa491c9

SHA1
d15396ca916e36ce82f3104b5a06e36e280d4402

SHA256
f60fd28137ab258bba92a4e40a1cd45d48066bbab2521a5cbe250b663a30b973

SHA512
41b6c9bcad98aff24aa9db828887421c610dcd0ecf53e119e2bcd1d27ed31ff274b47e27ac19164e72f064fa359bc31564c5e80866dc3f6c62f2d9ec6dee3341

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe

Filesize
184KB

MD5
19a42325b80ebafaa61a3775f694f414

SHA1
56e549ca4e7868eca7f6721aad00b1fa93e2ff90

SHA256
3b448fa96159022e15a9f3d8290ba9808277ff8868ad4320d50962225c737b63

SHA512
47472e60f8ccfdedefa971e9913e26084b1b5de19bd479eaa0c6ad3314048decdab2443b7b67196972b6f1b746eba521a7568e7b9b27fa6d42a39506e4db7e59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe

Filesize
184KB

MD5
51ccfbcfd07f427fe64f6edce9273cc4

SHA1
ba5ba732fe76f9124be29659c23cfcaeb577b31a

SHA256
c7927e277ea138d31fb2a1c26717ec7ce17173857abb58f03c1e3ef40ccccfe2

SHA512
f86e4188be648c7da235be6876c6da72a5a34f0c869b80213dcb798a3b8c1feb9ad316784a47fa135f70beb48fe25af0240fe5c0303590e6ff76fc45fbb99cc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52332.exe

Filesize
184KB

MD5
b469f7c79a235922eaad79a807d5ead3

SHA1
7ed7f19ee5c0e80917b2da8bdf59e684f40465d1

SHA256
3008b08407705fb8f9fd6502ee6740fcfa2b00f4cf756bceda1a523d9719689a

SHA512
8f49a0da5f5660463f79359e7057e78dc80e851df6819a58e3ee9a15d134c9844bffb16e671b10e85f4efdb5b2d5c1b038ac062e917405215ff40bc4aac0df71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55516.exe

Filesize
184KB

MD5
a7d4168e313eaf41a75e80b4d9762fcc

SHA1
b6969f9d1430bff5b2a4e8d3f428cc114aaca2f4

SHA256
8ad2c9545fb5fe7afa63eb24603b4ee6995cf2ee1ac60898bce887b162df19a5

SHA512
093e1a0ac91f47a95d9e2cd86033e0891e87dc14910267df73d3cbd946bbc93f9523e6df07e04d7f94a697093f423de3fc66f258bf5f5ec5755793b1e6826206

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe

Filesize
184KB

MD5
0bd249a14495fa125f594050da7b0e49

SHA1
56dd7eba8230b6a50bd1f8ceb0c3e509b5352945

SHA256
3ada5bc269cea439a74bc1868b59cafbf2d9897ba863843605c60337150fc309

SHA512
44544b25dd4bd3ccdf7708c2143fc594646f98b8193189c86c618091c5ab113615ae3d988282c3878a3d56aea99d2f2f18ae9f6fba65ac4c549867a869ef8d71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe

Filesize
184KB

MD5
3812194fc421b74c9c12bab971ae4ef2

SHA1
ff66598b1aa0c842ae3af9a9b565da989f57d4f9

SHA256
b427ea4b24e9d74631d578c2f1593899270fd480df766cbd551202cdaf6d9d25

SHA512
9646f6274b77922c02d918f62b19354a526f6f9f149221109538179e899fb3bcd4e320bf62164bb485d7dc252de3fa26c9a728f465711cdd67dd081ddc85d00e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60402.exe

Filesize
184KB

MD5
8d5fcb4094237a3665296b4b6472a86d

SHA1
74347f8ce8c69f295b47bbb63c4cba689ffaeda7

SHA256
3e9ab6d030f173066bfd2c6098032cc6b3cc4d8001509b8ffa89d632084161b5

SHA512
c1cef777b622e613e64ea66d1cfa039d69e9a14e1c0afa71fca16dab437462a9d768d489071d8e38b341f0d485f2e5e3c22ade7331bbd18197ef6df95fae69a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe

Filesize
184KB

MD5
564e170940da0b5678e4cfb7a0963cbd

SHA1
524754eddf13ea692468606176388b1efcffb708

SHA256
30a125f174aa98ce934dac4e9cb9a3036974838c5a393a105448dc4b4375d857

SHA512
bcdb0e4b0d161c99e472349f9245361d0bbcb5363b5aeaf08c398a51cc8d67bafcac4222b0738073d2f51c4dc1c8e8ca69d6e3e990af31e3cf75b7401a9aff6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62024.exe

Filesize
184KB

MD5
ade27c9119edd284102b6ce2a1683fe7

SHA1
5af8aee7cfd5e4bfac8d6e4fa6a2151089c0893c

SHA256
5431a5d2f2868bac3e0bb041c7ff5cbb5320bcb6282e2e7bf597aaf0c5d4cef1

SHA512
8e34bddc3576cff64a08eb5da0ab5f777647502264259caa2a1d4e0cb80920724459855a8c6d54286e2eb434504027f136126106247e3dcdcdc2da104d0576f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65132.exe

Filesize
184KB

MD5
bf3d35fbd8dc1281b53c77ccb909e419

SHA1
070728816598a58b4a35c7862b658a7ef1720ca6

SHA256
af23a7d101a08ebb393d7f037a3fdb01780327e173ebc6c1fdaefc7a0e5edd68

SHA512
f70b34bacea4b2bc73e3259c62e9ee45bbf9d50b847b94b08057d7124d909956a26cc62da07e3aa791a29c76e483c20306863fb99a591266315ac704f42e24ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7074.exe

Filesize
184KB

MD5
9831e87ddc5d2723a0e46d4710f0f329

SHA1
1ff9cf312809bd5a682b900c5a9b4ea78b5e2a6e

SHA256
64302c4e7432d3d7044bed3d96865d050d9f4966e24300cb16579f12669975d2

SHA512
afc9eb72f0c252764c7feea524e785b94ed1992a162d7e1843392e1c5f15d9d6f7a8b39b5c10747647f8d5136f9a2ad5207ddec35233bb1fd50354101470b7c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8775.exe

Filesize
184KB

MD5
b83d7891478e215ccb71494c1c2e9a04

SHA1
447efea4e3832aeac8fc68883e6dc559b9e74f6a

SHA256
dd766af902fa8e92d752db1aadce2efa66692e43ceb23affa54f9c5b1dfdc952

SHA512
caaf9d3fea16d54f7a899732ec05839d9b2cc9633630da8ba5f256bcd7a548a6442fb0b3f3c87a89b4a76dc4bd6dbb77af3d27d158094ba86e45b636e8fc9d5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe

Filesize
184KB

MD5
db9170c48291b7dea90d0e4c0d56b9b0

SHA1
604991b412822fcbac16c25166920fa88c171965

SHA256
2481bcc119fda1918ca48a6527f7b8efdf987cf05e370e20a8f87414c801ed34

SHA512
1ed31657cbf5e3d6751f0015c7878d60a71a42ae48c50b5554867cb89c4ae68815d78b61f8fe78233114bef697f094796df287545622cef78d56d1691fd50114

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9874.exe

Filesize
184KB

MD5
fc85844801f6f43a9637d1503487ba99

SHA1
639cb606a000cd23fbfb3aef112bc8c04533c176

SHA256
0978b6f3ec70c92b44b54fde34e34e6fbc0af1f3cbf11da2223dda94ff5bbcc5

SHA512
33ecf9d7d46409aaeac28a10df029fa5eff31edd0e236763509114ea1ce2eed5256e55ca77bd5cb49217d5bcb2f4e1405e9ccd80e2f358965734d59701e22e18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9943.exe

Filesize
184KB

MD5
5162cb831b513d34090621f0fe6e6a88

SHA1
e04e9bca6235538e1249e6addf27829660743972

SHA256
b60690a96702821d26a80beecfae3f2d0105d2722f8cbc79ec22abfbce4c18e8

SHA512
125c54c0972dfe42dfe14ba1f2f4d670c557e1b1eecd34711fe845f4ec00e5e32d43ca3f11270bf8d7e66885137f73bfa636dde9592115209f8291210c247e3a

Download Submit
memory/2276-4172-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads