51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 13:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7_NeikiAnalytics.exe
Size

184KB
MD5

9aa66acc7ea3bb016e2b74579a3690c0
SHA1

53028ff03e0e8e26d6d9fc41590ee3cceedf2ffb
SHA256

51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7
SHA512

a0b79a3cfbb25bbdb836f3475078ee39e5737e3e099de40a529d3040f2ce00c61863a14d375368b2f8a22d8d71ecc1d6f65129e000baa059dcfa2188aff7af06
SSDEEP

3072:ON2HW3oLpyAXxdo6CSNZVbTzqnvnqUviu5:ONfor/o6xVHzqnPqUviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2352	Unicorn-37804.exe
956	Unicorn-7015.exe
1568	Unicorn-44519.exe
1792	Unicorn-25848.exe
3400	Unicorn-63351.exe
2524	Unicorn-9127.exe
2500	Unicorn-2997.exe
4620	Unicorn-53772.exe
3528	Unicorn-17570.exe
4196	Unicorn-33352.exe
3560	Unicorn-25184.exe
2916	Unicorn-12666.exe
2724	Unicorn-64170.exe
1156	Unicorn-50435.exe
4272	Unicorn-60907.exe
3760	Unicorn-7067.exe
5064	Unicorn-19682.exe
3888	Unicorn-23212.exe
4428	Unicorn-4829.exe
2104	Unicorn-27104.exe
2152	Unicorn-14851.exe
360	Unicorn-14851.exe
3136	Unicorn-18936.exe
3184	Unicorn-18936.exe
4828	Unicorn-4637.exe
1268	Unicorn-43803.exe
2148	Unicorn-43803.exe
2208	Unicorn-63403.exe
4372	Unicorn-54738.exe
2340	Unicorn-49828.exe
2484	Unicorn-39614.exe
1992	Unicorn-33492.exe
2616	Unicorn-9542.exe
1292	Unicorn-33300.exe
4004	Unicorn-33300.exe
896	Unicorn-33300.exe
2892	Unicorn-27030.exe
5012	Unicorn-32597.exe
4644	Unicorn-26211.exe
4736	Unicorn-58572.exe
1592	Unicorn-50404.exe
4400	Unicorn-37389.exe
1796	Unicorn-46320.exe
4556	Unicorn-6034.exe
2912	Unicorn-63403.exe
4740	Unicorn-17732.exe
1088	Unicorn-21816.exe
4444	Unicorn-13647.exe
1824	Unicorn-59319.exe
4464	Unicorn-27762.exe
3592	Unicorn-47628.exe
4344	Unicorn-51712.exe
1276	Unicorn-51447.exe
448	Unicorn-15510.exe
3748	Unicorn-29245.exe
2120	Unicorn-9910.exe
3476	Unicorn-41498.exe
4524	Unicorn-51712.exe
312	Unicorn-15147.exe
3648	Unicorn-2895.exe
1360	Unicorn-37466.exe
5048	Unicorn-57332.exe
1216	Unicorn-53248.exe
4284	Unicorn-12962.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
8176	5688	WerFault.exe	212
19396	15764	WerFault.exe	781
19376	16280	WerFault.exe	785
19332	17040	WerFault.exe	813
19348	16992	WerFault.exe	810
7260	19304	WerFault.exe	1002
16012	17116	Process not Found	817
16324	16068	Process not Found	825
3056	436	Process not Found	1263

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	7376	dwm.exe
Token: SeChangeNotifyPrivilege	7376	dwm.exe
Token: 33	7376	dwm.exe
Token: SeIncBasePriorityPrivilege	7376	dwm.exe
Token: SeCreateGlobalPrivilege	6872	dwm.exe
Token: SeChangeNotifyPrivilege	6872	dwm.exe
Token: 33	6872	dwm.exe
Token: SeIncBasePriorityPrivilege	6872	dwm.exe
Token: SeCreateGlobalPrivilege	14048	Process not Found
Token: SeChangeNotifyPrivilege	14048	Process not Found
Token: 33	14048	Process not Found
Token: SeIncBasePriorityPrivilege	14048	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4824	51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7_NeikiAnalytics.exe
2352	Unicorn-37804.exe
956	Unicorn-7015.exe
1568	Unicorn-44519.exe
1792	Unicorn-25848.exe
2524	Unicorn-9127.exe
3400	Unicorn-63351.exe
2500	Unicorn-2997.exe
4620	Unicorn-53772.exe
3528	Unicorn-17570.exe
4196	Unicorn-33352.exe
2916	Unicorn-12666.exe
3560	Unicorn-25184.exe
2724	Unicorn-64170.exe
1156	Unicorn-50435.exe
4272	Unicorn-60907.exe
3760	Unicorn-7067.exe
5064	Unicorn-19682.exe
3888	Unicorn-23212.exe
4428	Unicorn-4829.exe
3136	Unicorn-18936.exe
4828	Unicorn-4637.exe
3184	Unicorn-18936.exe
360	Unicorn-14851.exe
2148	Unicorn-43803.exe
2208	Unicorn-63403.exe
2104	Unicorn-27104.exe
1268	Unicorn-43803.exe
2152	Unicorn-14851.exe
4372	Unicorn-54738.exe
2340	Unicorn-49828.exe
1992	Unicorn-33492.exe
2484	Unicorn-39614.exe
2616	Unicorn-9542.exe
4004	Unicorn-33300.exe
1292	Unicorn-33300.exe
896	Unicorn-33300.exe
2892	Unicorn-27030.exe
4644	Unicorn-26211.exe
5012	Unicorn-32597.exe
4736	Unicorn-58572.exe
1592	Unicorn-50404.exe
1796	Unicorn-46320.exe
4400	Unicorn-37389.exe
4740	Unicorn-17732.exe
2120	Unicorn-9910.exe
2912	Unicorn-63403.exe
4344	Unicorn-51712.exe
448	Unicorn-15510.exe
1088	Unicorn-21816.exe
1276	Unicorn-51447.exe
3748	Unicorn-29245.exe
3476	Unicorn-41498.exe
4444	Unicorn-13647.exe
3592	Unicorn-47628.exe
4556	Unicorn-6034.exe
1824	Unicorn-59319.exe
4464	Unicorn-27762.exe
4524	Unicorn-51712.exe
312	Unicorn-15147.exe
1360	Unicorn-37466.exe
1216	Unicorn-53248.exe
5048	Unicorn-57332.exe
3648	Unicorn-2895.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 2352	4824	51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7_NeikiAnalytics.exe	91
PID 4824 wrote to memory of 2352	4824	51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7_NeikiAnalytics.exe	91
PID 4824 wrote to memory of 2352	4824	51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7_NeikiAnalytics.exe	91
PID 2352 wrote to memory of 956	2352	Unicorn-37804.exe	94
PID 2352 wrote to memory of 956	2352	Unicorn-37804.exe	94
PID 2352 wrote to memory of 956	2352	Unicorn-37804.exe	94
PID 4824 wrote to memory of 1568	4824	51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7_NeikiAnalytics.exe	95
PID 4824 wrote to memory of 1568	4824	51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7_NeikiAnalytics.exe	95
PID 4824 wrote to memory of 1568	4824	51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7_NeikiAnalytics.exe	95
PID 956 wrote to memory of 1792	956	Unicorn-7015.exe	97
PID 956 wrote to memory of 1792	956	Unicorn-7015.exe	97
PID 956 wrote to memory of 1792	956	Unicorn-7015.exe	97
PID 2352 wrote to memory of 3400	2352	Unicorn-37804.exe	98
PID 2352 wrote to memory of 3400	2352	Unicorn-37804.exe	98
PID 2352 wrote to memory of 3400	2352	Unicorn-37804.exe	98
PID 1568 wrote to memory of 2524	1568	Unicorn-44519.exe	99
PID 1568 wrote to memory of 2524	1568	Unicorn-44519.exe	99
PID 1568 wrote to memory of 2524	1568	Unicorn-44519.exe	99
PID 4824 wrote to memory of 2500	4824	51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7_NeikiAnalytics.exe	100
PID 4824 wrote to memory of 2500	4824	51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7_NeikiAnalytics.exe	100
PID 4824 wrote to memory of 2500	4824	51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7_NeikiAnalytics.exe	100
PID 1792 wrote to memory of 4620	1792	Unicorn-25848.exe	103
PID 1792 wrote to memory of 4620	1792	Unicorn-25848.exe	103
PID 1792 wrote to memory of 4620	1792	Unicorn-25848.exe	103
PID 956 wrote to memory of 3528	956	Unicorn-7015.exe	104
PID 956 wrote to memory of 3528	956	Unicorn-7015.exe	104
PID 956 wrote to memory of 3528	956	Unicorn-7015.exe	104
PID 2500 wrote to memory of 4196	2500	Unicorn-2997.exe	105
PID 2500 wrote to memory of 4196	2500	Unicorn-2997.exe	105
PID 2500 wrote to memory of 4196	2500	Unicorn-2997.exe	105
PID 2524 wrote to memory of 3560	2524	Unicorn-9127.exe	106
PID 2524 wrote to memory of 3560	2524	Unicorn-9127.exe	106
PID 2524 wrote to memory of 3560	2524	Unicorn-9127.exe	106
PID 4824 wrote to memory of 2916	4824	51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7_NeikiAnalytics.exe	107
PID 4824 wrote to memory of 2916	4824	51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7_NeikiAnalytics.exe	107
PID 4824 wrote to memory of 2916	4824	51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7_NeikiAnalytics.exe	107
PID 1568 wrote to memory of 1156	1568	Unicorn-44519.exe	108
PID 1568 wrote to memory of 1156	1568	Unicorn-44519.exe	108
PID 1568 wrote to memory of 1156	1568	Unicorn-44519.exe	108
PID 2352 wrote to memory of 2724	2352	Unicorn-37804.exe	109
PID 2352 wrote to memory of 2724	2352	Unicorn-37804.exe	109
PID 2352 wrote to memory of 2724	2352	Unicorn-37804.exe	109
PID 3400 wrote to memory of 4272	3400	Unicorn-63351.exe	110
PID 3400 wrote to memory of 4272	3400	Unicorn-63351.exe	110
PID 3400 wrote to memory of 4272	3400	Unicorn-63351.exe	110
PID 4620 wrote to memory of 3760	4620	Unicorn-53772.exe	111
PID 4620 wrote to memory of 3760	4620	Unicorn-53772.exe	111
PID 4620 wrote to memory of 3760	4620	Unicorn-53772.exe	111
PID 1792 wrote to memory of 5064	1792	Unicorn-25848.exe	112
PID 1792 wrote to memory of 5064	1792	Unicorn-25848.exe	112
PID 1792 wrote to memory of 5064	1792	Unicorn-25848.exe	112
PID 3528 wrote to memory of 3888	3528	Unicorn-17570.exe	113
PID 3528 wrote to memory of 3888	3528	Unicorn-17570.exe	113
PID 3528 wrote to memory of 3888	3528	Unicorn-17570.exe	113
PID 956 wrote to memory of 4428	956	Unicorn-7015.exe	114
PID 956 wrote to memory of 4428	956	Unicorn-7015.exe	114
PID 956 wrote to memory of 4428	956	Unicorn-7015.exe	114
PID 1156 wrote to memory of 2104	1156	Unicorn-50435.exe	115
PID 1156 wrote to memory of 2104	1156	Unicorn-50435.exe	115
PID 1156 wrote to memory of 2104	1156	Unicorn-50435.exe	115
PID 2916 wrote to memory of 2152	2916	Unicorn-12666.exe	116
PID 2916 wrote to memory of 2152	2916	Unicorn-12666.exe	116
PID 2916 wrote to memory of 2152	2916	Unicorn-12666.exe	116
PID 4196 wrote to memory of 360	4196	Unicorn-33352.exe	117

C:\Users\Admin\AppData\Local\Temp\51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\51ddb0a5934db2490244399bd63992cd3a924773044e9cae95e30eb3be0e6fc7_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53772.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33492.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11203.exe
        9⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
        10⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25935.exe
        11⤵
        
        PID:16636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        11⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        10⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        10⤵
        
        PID:16332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49729.exe
        10⤵
        
        PID:18732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1722.exe
        9⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
        10⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        10⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
        10⤵
        
        PID:16796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60438.exe
        10⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
        9⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        9⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        9⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        10⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11724.exe
        10⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52078.exe
        10⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33053.exe
        9⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        9⤵
        
        PID:14104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        9⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        9⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27709.exe
        8⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        9⤵
        
        PID:16560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        9⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        8⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
        8⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29839.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
        7⤵
        Executes dropped EXE
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64488.exe
        8⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 632
        9⤵
        Program crash
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21950.exe
        8⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        9⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21533.exe
        9⤵
        
        PID:15892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
        9⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        8⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        8⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        8⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33946.exe
        8⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37362.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        8⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25971.exe
        9⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33541.exe
        9⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
        9⤵
        
        PID:18784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
        8⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22632.exe
        8⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43361.exe
        7⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14729.exe
        7⤵
        
        PID:14716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
        7⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        9⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
        9⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        9⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53813.exe
        9⤵
        
        PID:18968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
        9⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40170.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        9⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        9⤵
        
        PID:16552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60697.exe
        9⤵
        
        PID:19400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        9⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4936.exe
        8⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        8⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        8⤵
        
        PID:18608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51627.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56683.exe
        7⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40000.exe
        8⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1097.exe
        8⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        8⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
        8⤵
        
        PID:18708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
        8⤵
        
        PID:19160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        7⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54870.exe
        7⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
        7⤵
        
        PID:17336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30781.exe
        6⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
        8⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41295.exe
        9⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33069.exe
        9⤵
        
        PID:18044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55153.exe
        9⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        8⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
        8⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
        8⤵
        
        PID:18624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        7⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32311.exe
        8⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        7⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        7⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
        7⤵
        
        PID:19424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6954.exe
        7⤵
        
        PID:18892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
        6⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
        7⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54678.exe
        7⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7528.exe
        7⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15851.exe
        7⤵
        
        PID:18780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12657.exe
        6⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20821.exe
        6⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
        6⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
        6⤵
        
        PID:19288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe
        6⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8131.exe
        7⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31816.exe
        8⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
        9⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        9⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
        9⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
        9⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        8⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
        9⤵
        
        PID:17564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11677.exe
        9⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60193.exe
        8⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52426.exe
        8⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        8⤵
        
        PID:18924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        8⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
        8⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
        9⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
        9⤵
        
        PID:16544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62986.exe
        8⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26140.exe
        8⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
        8⤵
        
        PID:18612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        7⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
        8⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        8⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        8⤵
        
        PID:19304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 19304 -s 212
        9⤵
        Program crash
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        7⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11664.exe
        7⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exe
        7⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        6⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        7⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        8⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        8⤵
        
        PID:12512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        8⤵
        
        PID:18288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        8⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        7⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17869.exe
        7⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        7⤵
        
        PID:18088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51498.exe
        6⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
        7⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        7⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        7⤵
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        7⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        6⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
        6⤵
        
        PID:14240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
        6⤵
        
        PID:18000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        6⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        8⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        8⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        8⤵
        
        PID:18324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        7⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
        7⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22546.exe
        7⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44486.exe
        7⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21426.exe
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        7⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
        7⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62022.exe
        6⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        6⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
        6⤵
        
        PID:18792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60575.exe
        5⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
        6⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1097.exe
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
        6⤵
        
        PID:15776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
        6⤵
        
        PID:19360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33558.exe
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
        5⤵
        
        PID:13216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
        5⤵
        
        PID:15352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54330.exe
        5⤵
        
        PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17570.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23212.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        7⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10819.exe
        8⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        9⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        9⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
        9⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        9⤵
        
        PID:19440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
        9⤵
        
        PID:19316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26994.exe
        8⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
        9⤵
        
        PID:17644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
        8⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        8⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        7⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37924.exe
        8⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        9⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        9⤵
        
        PID:16104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
        9⤵
        
        PID:16804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        9⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        8⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
        8⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64102.exe
        8⤵
        
        PID:19076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
        8⤵
        
        PID:18772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52982.exe
        7⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        8⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        8⤵
        
        PID:18268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        7⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        7⤵
        
        PID:14596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        6⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        7⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        8⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        8⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        8⤵
        
        PID:18316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        7⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        7⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        7⤵
        
        PID:17816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39054.exe
        6⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        7⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        7⤵
        
        PID:18144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        6⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25407.exe
        6⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        6⤵
        
        PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27030.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7939.exe
        6⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        7⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
        8⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
        8⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        8⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        7⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        7⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        7⤵
        
        PID:18020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2569.exe
        7⤵
        
        PID:19252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
        6⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
        7⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
        7⤵
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        7⤵
        
        PID:16756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        7⤵
        
        PID:18828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        6⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        6⤵
        
        PID:12432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13880.exe
        6⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
        6⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13715.exe
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
        7⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7361.exe
        7⤵
        
        PID:18244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46405.exe
        6⤵
        
        PID:9664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        6⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
        6⤵
        
        PID:17856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
        6⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
        6⤵
        
        PID:13192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
        6⤵
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18573.exe
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        5⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28199.exe
        5⤵
        
        PID:17892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
        5⤵
        
        PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
        6⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36092.exe
        7⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
        8⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
        8⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7361.exe
        8⤵
        
        PID:18196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        7⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
        7⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58918.exe
        7⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46123.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32792.exe
        7⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        8⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49354.exe
        8⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        8⤵
        
        PID:18668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40401.exe
        7⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        7⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
        7⤵
        
        PID:19160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28965.exe
        6⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23734.exe
        6⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1052.exe
        6⤵
        
        PID:17428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
        6⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        5⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
        7⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
        7⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35217.exe
        7⤵
        
        PID:17132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19314.exe
        6⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45497.exe
        6⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        6⤵
        
        PID:17148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19104.exe
        6⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63210.exe
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        6⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        6⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13801.exe
        6⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
        5⤵
        
        PID:12164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
        5⤵
        
        PID:15672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        5⤵
        
        PID:18676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26211.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7939.exe
        5⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
        7⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22964.exe
        7⤵
        
        PID:17032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15230.exe
        6⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45497.exe
        6⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        6⤵
        
        PID:17156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25968.exe
        6⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
        6⤵
        
        PID:13200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
        6⤵
        
        PID:15772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
        6⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        5⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        5⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13880.exe
        5⤵
        
        PID:17360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51910.exe
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-695.exe
        6⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        6⤵
        
        PID:17116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
        6⤵
        
        PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46405.exe
        5⤵
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        5⤵
        
        PID:14168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
        5⤵
        
        PID:17824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
      4⤵
      PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        5⤵
        
        PID:8980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
        5⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        5⤵
        
        PID:18304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
      4⤵
      PID:9328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
      4⤵
      PID:13564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32085.exe
      4⤵
      PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1245.exe
      4⤵
      PID:1528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60907.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15147.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        7⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34468.exe
        8⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
        9⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        9⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41901.exe
        9⤵
        
        PID:19200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2625.exe
        9⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        8⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3644.exe
        8⤵
        
        PID:13804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37870.exe
        8⤵
        
        PID:18348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
        8⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33017.exe
        8⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        8⤵
        
        PID:18680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
        7⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2109.exe
        7⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
        7⤵
        
        PID:18724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        7⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51731.exe
        8⤵
        
        PID:19452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22040.exe
        7⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27294.exe
        7⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-881.exe
        7⤵
        
        PID:19248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53906.exe
        6⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        7⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        7⤵
        
        PID:16088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61886.exe
        7⤵
        
        PID:16964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
        6⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        6⤵
        
        PID:14836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
        6⤵
        
        PID:18856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
        6⤵
        
        PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44068.exe
        6⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        7⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        8⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65498.exe
        8⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        8⤵
        
        PID:18900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
        8⤵
        
        PID:19416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        7⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        7⤵
        
        PID:16148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
        7⤵
        
        PID:18768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47742.exe
        7⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15666.exe
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14832.exe
        6⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27102.exe
        6⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        6⤵
        
        PID:11652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33469.exe
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58536.exe
        6⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64159.exe
        7⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25617.exe
        7⤵
        
        PID:15864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5862.exe
        7⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        6⤵
        
        PID:14580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
        6⤵
        
        PID:18940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62157.exe
        5⤵
        
        PID:10436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
        5⤵
        
        PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10051.exe
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
        7⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        7⤵
        
        PID:16976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
        7⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26714.exe
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65533.exe
        6⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1357.exe
        6⤵
        
        PID:16068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
        6⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        7⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65498.exe
        7⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41901.exe
        7⤵
        
        PID:19184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40131.exe
        7⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        6⤵
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        6⤵
        
        PID:14028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        6⤵
        
        PID:17808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2625.exe
        6⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27709.exe
        5⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37049.exe
        6⤵
        
        PID:16840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        5⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19832.exe
        5⤵
        
        PID:15300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
        5⤵
        
        PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32563.exe
      4⤵
      PID:612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11395.exe
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        7⤵
        
        PID:17424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
        7⤵
        
        PID:17184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
        6⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
        6⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47766.exe
        6⤵
        
        PID:19108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        6⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
        5⤵
        
        PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52409.exe
        5⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28498.exe
        5⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42993.exe
        5⤵
        
        PID:19360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
        5⤵
        
        PID:19216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
      4⤵
      PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
        5⤵
        
        PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
        5⤵
        
        PID:10800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
        5⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        5⤵
        
        PID:18908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
      4⤵
      PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
        5⤵
        
        PID:19068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30894.exe
        5⤵
        
        PID:18944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
      4⤵
      PID:11240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
      4⤵
      PID:15204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
      4⤵
      PID:18912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
      4⤵
      PID:7144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18936.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50404.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29512.exe
        6⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        8⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
        8⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52861.exe
        8⤵
        
        PID:17372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49770.exe
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
        7⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        7⤵
        
        PID:17944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50207.exe
        6⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41432.exe
        7⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9774.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        8⤵
        
        PID:17560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21712.exe
        8⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
        7⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        7⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        6⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        6⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
        6⤵
        
        PID:15764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15764 -s 464
        7⤵
        Program crash
        
        PID:19396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
        6⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40176.exe
        6⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        7⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10573.exe
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7361.exe
        7⤵
        
        PID:18260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17868.exe
        6⤵
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59110.exe
        6⤵
        
        PID:16812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59858.exe
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
        6⤵
        
        PID:9800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34449.exe
        6⤵
        
        PID:13620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        6⤵
        
        PID:18392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14986.exe
        5⤵
        
        PID:9756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7860.exe
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        5⤵
        
        PID:17916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        5⤵
        
        PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6034.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10597.exe
        6⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43457.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        6⤵
        
        PID:17508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        6⤵
        
        PID:19044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        5⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        6⤵
        
        PID:12168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        6⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
        6⤵
        
        PID:19020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52353.exe
        6⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31412.exe
        5⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
        5⤵
        
        PID:16044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        5⤵
        
        PID:19064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
      4⤵
      PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8789.exe
        5⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
        5⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        5⤵
        
        PID:15276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33193.exe
        5⤵
        
        PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29377.exe
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        5⤵
        
        PID:10504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20381.exe
        5⤵
        
        PID:14700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        5⤵
        
        PID:18760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        5⤵
        
        PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10489.exe
      4⤵
      PID:11604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
      4⤵
      PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59758.exe
      4⤵
      PID:6488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58572.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62184.exe
        5⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12895.exe
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
        7⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        7⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        7⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
        6⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
        6⤵
        
        PID:17788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        6⤵
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
        5⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        6⤵
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        6⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        6⤵
        
        PID:18184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        5⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        5⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        5⤵
        
        PID:17872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9646.exe
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        5⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
        6⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52477.exe
        6⤵
        
        PID:17140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        5⤵
        
        PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42949.exe
        5⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        5⤵
        
        PID:18008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39054.exe
      4⤵
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25584.exe
        5⤵
        
        PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
        5⤵
        
        PID:12976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52477.exe
        5⤵
        
        PID:17048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
      4⤵
      PID:9788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65229.exe
      4⤵
      PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
      4⤵
      PID:17848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23910.exe
      4⤵
      PID:7628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37389.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22600.exe
        5⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        6⤵
        
        PID:12764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        6⤵
        
        PID:18252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        5⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
        5⤵
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37870.exe
        5⤵
        
        PID:18312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        5⤵
        
        PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
      4⤵
      PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
        5⤵
        
        PID:15912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1209.exe
        5⤵
        
        PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
      4⤵
      PID:10372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
      4⤵
      PID:14636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55437.exe
      4⤵
      PID:19088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
    3⤵
    PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-954.exe
      4⤵
      PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        5⤵
        
        PID:10476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        5⤵
        
        PID:16096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61886.exe
        5⤵
        
        PID:16992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16992 -s 444
        6⤵
        Program crash
        
        PID:19348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24641.exe
        5⤵
        
        PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
      4⤵
      PID:12096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
      4⤵
      PID:14884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19935.exe
      4⤵
      PID:18940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39856.exe
    3⤵
    PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
      4⤵
      PID:12856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
      4⤵
      PID:16092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
    3⤵
    PID:352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32645.exe
    3⤵
    PID:14452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32149.exe
    3⤵
    PID:18692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25184.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18936.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
        8⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43703.exe
        9⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
        9⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33053.exe
        8⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        8⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        7⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
        7⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52426.exe
        7⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        7⤵
        
        PID:18952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        7⤵
        
        PID:19040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        7⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43522.exe
        6⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        7⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        7⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        7⤵
        
        PID:17992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        7⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63035.exe
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        6⤵
        
        PID:13572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
        6⤵
        
        PID:17648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        6⤵
        
        PID:992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
        6⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
        7⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
        7⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22964.exe
        7⤵
        
        PID:17040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17040 -s 436
        8⤵
        Program crash
        
        PID:19332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
        7⤵
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31466.exe
        6⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13288.exe
        6⤵
        
        PID:14320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
        6⤵
        
        PID:17940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
        6⤵
        
        PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1082.exe
        7⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29213.exe
        7⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        7⤵
        
        PID:18032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33053.exe
        6⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        6⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        6⤵
        
        PID:18448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        5⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        5⤵
        
        PID:11408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49757.exe
        5⤵
        
        PID:16132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
        5⤵
        
        PID:19124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43803.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41956.exe
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        7⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12846.exe
        8⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
        8⤵
        
        PID:14956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        8⤵
        
        PID:18932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39389.exe
        7⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52426.exe
        7⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        7⤵
        
        PID:18916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3886.exe
        6⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34715.exe
        7⤵
        
        PID:12896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        7⤵
        
        PID:18232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
        7⤵
        
        PID:18732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35689.exe
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        6⤵
        
        PID:14508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
        6⤵
        
        PID:18740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5757.exe
        6⤵
        
        PID:18676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43522.exe
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15111.exe
        6⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        7⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
        7⤵
        
        PID:16280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16280 -s 464
        8⤵
        Program crash
        
        PID:19376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
        7⤵
        
        PID:18600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
        6⤵
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
        6⤵
        
        PID:16516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53151.exe
        6⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17150.exe
        5⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        5⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13105.exe
        5⤵
        
        PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29245.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
        6⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
        7⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
        7⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        7⤵
        
        PID:18352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14930.exe
        7⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2978.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22546.exe
        6⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
        6⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15946.exe
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2706.exe
        6⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21533.exe
        6⤵
        
        PID:15884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5876.exe
        6⤵
        
        PID:18748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65403.exe
        6⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7100.exe
        5⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32006.exe
        5⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
        5⤵
        
        PID:18732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
      4⤵
      PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10597.exe
        5⤵
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31205.exe
        5⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
        5⤵
        
        PID:17576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2188.exe
        5⤵
        
        PID:6756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
      4⤵
      PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44035.exe
        5⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39125.exe
        5⤵
        
        PID:16476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32689.exe
      4⤵
      PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
      4⤵
      PID:14536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
      4⤵
      PID:18772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
      4⤵
      PID:19076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50435.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25812.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16958.exe
        7⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61773.exe
        7⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56146.exe
        7⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34676.exe
        7⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
        6⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
        7⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        7⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32108.exe
        7⤵
        
        PID:19192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7100.exe
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32006.exe
        6⤵
        
        PID:14600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
        6⤵
        
        PID:18800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63419.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60569.exe
        6⤵
        
        PID:13164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
        6⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27709.exe
        5⤵
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58274.exe
        5⤵
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12432.exe
        5⤵
        
        PID:15808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59319.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62568.exe
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-954.exe
        6⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
        6⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        6⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
        6⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65339.exe
        5⤵
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25291.exe
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        6⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13120.exe
        6⤵
        
        PID:18892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
        6⤵
        
        PID:18804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
        5⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        5⤵
        
        PID:15284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22758.exe
        5⤵
        
        PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
      4⤵
      PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
        5⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        6⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
        6⤵
        
        PID:12596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        6⤵
        
        PID:18168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56437.exe
        6⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        5⤵
        
        PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2492.exe
        5⤵
        
        PID:13924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36334.exe
        5⤵
        
        PID:17904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32809.exe
        5⤵
        
        PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47991.exe
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
        5⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
        5⤵
        
        PID:16056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        5⤵
        
        PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
      4⤵
      PID:9136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
      4⤵
      PID:14408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
      4⤵
      PID:18632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
      4⤵
      PID:18884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58606.exe
      4⤵
      PID:19208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4637.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21816.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5391.exe
        5⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
        6⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2615.exe
        7⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        7⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        7⤵
        
        PID:17956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65019.exe
        7⤵
        
        PID:18888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52845.exe
        6⤵
        
        PID:13856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37870.exe
        6⤵
        
        PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
        5⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
        5⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        5⤵
        
        PID:14564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54955.exe
      4⤵
      PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9003.exe
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        6⤵
        
        PID:14228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        6⤵
        
        PID:17976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        5⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
        5⤵
        
        PID:15440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        5⤵
        
        PID:18676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6269.exe
        5⤵
        
        PID:19116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58654.exe
      4⤵
      PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
        5⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28933.exe
        5⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        5⤵
        
        PID:18652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58003.exe
        5⤵
        
        PID:7672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
      4⤵
      PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
      4⤵
      PID:14468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
      4⤵
      PID:18712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
      4⤵
      PID:6868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51447.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51691.exe
        5⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29824.exe
        5⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        5⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10846.exe
        5⤵
        
        PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21566.exe
      4⤵
      PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
        5⤵
        
        PID:11288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21533.exe
        5⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38919.exe
        5⤵
        
        PID:18820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exe
      4⤵
      PID:11456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9421.exe
      4⤵
      PID:16156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
    3⤵
    PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
        5⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        5⤵
        
        PID:17100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        5⤵
        
        PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
      4⤵
      PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2492.exe
      4⤵
      PID:13936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36334.exe
      4⤵
      PID:17832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
    3⤵
    PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21451.exe
      4⤵
      PID:14064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe
      4⤵
      PID:15020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58237.exe
      4⤵
      PID:19040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
    3⤵
    PID:9152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37980.exe
    3⤵
    PID:14432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27949.exe
    3⤵
    PID:18784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10122.exe
    3⤵
    PID:5804
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2997.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2997.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14851.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46320.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49740.exe
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        7⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        8⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
        8⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        8⤵
        
        PID:16984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        7⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17869.exe
        7⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        7⤵
        
        PID:18028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50015.exe
        6⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        7⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        7⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22964.exe
        7⤵
        
        PID:17052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        6⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        6⤵
        
        PID:17880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        6⤵
        
        PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        6⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48884.exe
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        7⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        7⤵
        
        PID:17968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        6⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        6⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58918.exe
        6⤵
        
        PID:17496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        6⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30885.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
        6⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
        6⤵
        
        PID:13244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7361.exe
        6⤵
        
        PID:18212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        5⤵
        
        PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        5⤵
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
        5⤵
        
        PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-643.exe
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        7⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        7⤵
        
        PID:16780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
        6⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        6⤵
        
        PID:18100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15698.exe
        6⤵
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        6⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59966.exe
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7361.exe
        6⤵
        
        PID:18204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        5⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        5⤵
        
        PID:17860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40970.exe
        5⤵
        
        PID:7820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56438.exe
      4⤵
      PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
        5⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        6⤵
        
        PID:10576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
        6⤵
        
        PID:16744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47742.exe
        6⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        5⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        5⤵
        
        PID:14368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46806.exe
        5⤵
        
        PID:18588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60239.exe
        5⤵
        
        PID:7620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21322.exe
      4⤵
      PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        5⤵
        
        PID:11304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21533.exe
        5⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        5⤵
        
        PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37356.exe
      4⤵
      PID:11156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
      4⤵
      PID:15224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43803.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
      4⤵
      PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44644.exe
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
        6⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13016.exe
        6⤵
        
        PID:12916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62426.exe
        6⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63087.exe
        5⤵
        
        PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13016.exe
        5⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        5⤵
        
        PID:17092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34045.exe
      4⤵
      PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        5⤵
        
        PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        5⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        5⤵
        
        PID:16832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22002.exe
      4⤵
      PID:9276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
      4⤵
      PID:13460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe
      4⤵
      PID:17276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
      4⤵
      PID:7044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41498.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41498.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
      4⤵
      PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29476.exe
        5⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
        5⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        5⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        5⤵
        
        PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
      4⤵
      PID:9236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23734.exe
      4⤵
      PID:13420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29640.exe
      4⤵
      PID:17468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
      4⤵
      PID:7612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
    3⤵
    PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
      4⤵
      PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        5⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        5⤵
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33298.exe
        5⤵
        
        PID:16820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
      4⤵
      PID:11808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
      4⤵
      PID:16344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
      4⤵
      PID:18704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31157.exe
    3⤵
    PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34139.exe
      4⤵
      PID:11204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
      4⤵
      PID:16308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
      4⤵
      PID:7552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
    3⤵
    PID:8712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
    3⤵
    PID:14484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
    3⤵
    PID:18752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12666.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12666.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14851.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47628.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62376.exe
        5⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32304.exe
        6⤵
        
        PID:728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
        7⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39125.exe
        7⤵
        
        PID:17352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33053.exe
        6⤵
        
        PID:9448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        6⤵
        
        PID:13932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        6⤵
        
        PID:16032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        5⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        6⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        6⤵
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        6⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
        5⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        5⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
        5⤵
        
        PID:18944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63123.exe
      4⤵
      PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
        5⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54678.exe
        5⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7528.exe
        5⤵
        
        PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
      4⤵
      PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        5⤵
        
        PID:13476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61466.exe
        5⤵
        
        PID:18280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
        5⤵
        
        PID:7296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8140.exe
      4⤵
      PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2093.exe
      4⤵
      PID:15656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42844.exe
      4⤵
      PID:5956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15510.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
      4⤵
      PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        5⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        5⤵
        
        PID:12412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        5⤵
        
        PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36750.exe
      4⤵
      PID:8716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
      4⤵
      PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
      4⤵
      PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11038.exe
      4⤵
      PID:7256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
    3⤵
    PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8789.exe
      4⤵
      PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10801.exe
      4⤵
      PID:12024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
      4⤵
      PID:16376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
      4⤵
      PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
      4⤵
      PID:8084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47799.exe
    3⤵
    PID:212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
      4⤵
      PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
      4⤵
      PID:14576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63046.exe
      4⤵
      PID:7512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
    3⤵
    PID:10284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
    3⤵
    PID:14588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
    3⤵
    PID:18808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54738.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54738.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
      4⤵
      PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        5⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        5⤵
        
        PID:11208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33724.exe
        5⤵
        
        PID:17400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        5⤵
        
        PID:7124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40170.exe
      4⤵
      PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
        5⤵
        
        PID:11072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        5⤵
        
        PID:15128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17012.exe
        5⤵
        
        PID:19172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4936.exe
      4⤵
      PID:12056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
      4⤵
      PID:3424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
    3⤵
    PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51691.exe
      4⤵
      PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36687.exe
        5⤵
        
        PID:16524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19126.exe
        5⤵
        
        PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
      4⤵
      PID:11704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
      4⤵
      PID:14724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15457.exe
    3⤵
    PID:7796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58274.exe
    3⤵
    PID:10812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12432.exe
    3⤵
    PID:15800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
    3⤵
    PID:1380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44815.exe
    3⤵
    PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
      4⤵
      PID:8900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
      4⤵
      PID:12468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22964.exe
      4⤵
      PID:17024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
      4⤵
      PID:7440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53278.exe
    3⤵
    PID:9044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
    3⤵
    PID:13364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54529.exe
    3⤵
    PID:17568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36886.exe
    3⤵
    PID:7636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-883.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-883.exe
  2⤵
  PID:6004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63419.exe
    3⤵
    PID:8616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60569.exe
    3⤵
    PID:13064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13489.exe
    3⤵
    PID:16864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32689.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32689.exe
  2⤵
  PID:7880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
    3⤵
    PID:15988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38290.exe
    3⤵
    PID:2276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39801.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39801.exe
  2⤵
  PID:10336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5673.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5673.exe
  2⤵
  PID:13472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
  2⤵
  PID:1548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe
  2⤵
  PID:3464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5688 -ip 5688
1⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 16280 -ip 16280
1⤵
PID:19312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 19376 -ip 19376
1⤵
PID:19140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 16992 -ip 16992
1⤵
PID:19304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 7240 -ip 7240
1⤵
PID:19316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 19304 -ip 19304
1⤵
PID:4416

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:7376

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:6872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12666.exe

Filesize
184KB

MD5
1241e4f438f922838fb73fbb69392208

SHA1
c09441eb89679c84857281752706cb8b3a423ff9

SHA256
5d0ae43340ce5696732ce64964e5079375f4caaaee21ecdca8e4afc2974e9224

SHA512
f04edbbc5e57af95e61ee166d070130059a7d1990b410b52fb731c7aff4c7852a0e5a6d96fba39cc57e4c3c9025a9547948e1afe1befd5be34117fb8532dd5b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14851.exe

Filesize
184KB

MD5
266e9a71f2120db0fb5db1acdc89a292

SHA1
bef8c0839ee7824f314bd928b373a07062b3b2ed

SHA256
4bf725bfb7a36741fd68b92d1fc0030a871f7fae2e5ce9f0e08a68bd659e2fd3

SHA512
0714bcdf77f475c6fbfd5769affd97b71f9b0e29d159a4aba824cc525f47c6afd79c7b6b175cbdba004dc1b4bd9246ca899caa695a9d12946c6c448d115d7172

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17570.exe

Filesize
184KB

MD5
186801c46ca63d5ca82384b72bba3e8a

SHA1
bdf682e63390888d3ebf263326f4cef54c2d9c0a

SHA256
45616559741cec793eb52fe8bcf1742e039e43afca65745e2d8e6920d6d49361

SHA512
58eafb6cb924b635827dd485f969bd668317758e301f6b24e7a6bea9dae07a5c91964247fdd62702a869eb04f02d959f7f94ec40493a7df11badde88be59b3d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18936.exe

Filesize
184KB

MD5
a75c3c5c7b8760fe4e2d5988091f4d95

SHA1
9a3a830c67dcdc5f905a8c772a735dd3b7d47e88

SHA256
70be2780571a732d317594c7bf777828e4f1dd276844af703baab472db1f6db7

SHA512
2635fa2188ea6c994d399f50c81dd02102cedf7d59e81aafb321b482c0f2a268866bcd70b7d68a2c1918e728ec26acb5d4fc8f7ad8a6151adbf50f4b81cca7f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe

Filesize
184KB

MD5
7c7cf687f1a877710cc4cb0854a8ad0e

SHA1
91019656bc2b10630211a34949a5c46ee4c7827b

SHA256
580f5498e1dcb410f05c6a8a962b02e5564f648811529e533c7e03b914f68cf2

SHA512
1411a8ee471e9c7215e8d964534c218d20341b9964367a85abf4b7b9921a6ac3dfb37349cbb46c4c11fd80d6fb7976ce9c0f7d01177fca4fd33f444ebd2d7333

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23212.exe

Filesize
184KB

MD5
0c02787cacac2cf43fa7f45d9e058366

SHA1
4481ddcdbeb28c3775a245a9b668e5826d1e23b3

SHA256
0e3914a09f624b37230ef07ed0b7a35130d9c34cd3897dc13badcd741e24ef32

SHA512
a82c083769560b45b7a64ce56bfe3899005a099d34070386f83bf79f9b64fb257d6398d50674932c13bc03cc0221c82bdbf8d291298574bbbc3f7f87f8ee5beb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25184.exe

Filesize
184KB

MD5
2580f1d805782038456cb8c36c3d0172

SHA1
b1eee04b8ec1cf758efc419475663a07da62e884

SHA256
169ebdb59c11d171535c89ef796894e905ce6593c8ad483f5c6159ee11cfac48

SHA512
aef2220b22be83bfbed8b759900b0b522404a1d82031d26e3b12a663c1d3b4f23b0663e855f09275ee8fe077fd2da3dfda87c6b1355e1c0ab3382854722b08f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe

Filesize
184KB

MD5
76955584ca26e1ce6fae7aa517bfa604

SHA1
215d293513b6f6ee8a8d22fb8a4ed5195f20c293

SHA256
1321aa294ac51c7dbd56a9159d0627e657430a383bc17773720defbe120898cc

SHA512
3b7dddc73624a38e53eb8512d905e4423fd6df48897d11683089584e183452898c2ec753a7591b7c27e1d17fe0101810138675b2799f02387f60d69b8db658b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe

Filesize
184KB

MD5
a7cc070d1f10615bfab3332d49f44b06

SHA1
cbb2ee0a6af5883446e0add384e24498419d6c08

SHA256
c6c077c62d7a858498817225fbd32791d0923c3213b7e6786649adbdf0a94bd2

SHA512
aa7151fd808ff9e156e27d1ed5a6dd7cf8bfe6eecbac43b794b4599cdff24c76b3e8be4e1803caaaa608c20132ce47d9f204ec676cf583c2e3880b193ab765f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2997.exe

Filesize
184KB

MD5
2c8c47da77c04230ee59132306240dcd

SHA1
ab71b5bebaa32083938704127823df115fb69787

SHA256
7ed3320ab7e1a9a2110fe58c55d60341c4c96373609da46ff8b5abe1da72b105

SHA512
973f833091da9fbaa070d9cd594b63e38c5573122bee3471ee429501577e5af42b1444d9d15cf72281ebe56a622bb29278b8edad7df39377c51c038c7fde00a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe

Filesize
184KB

MD5
519b646f0739b6bfb223ef7f79c3aeed

SHA1
fa62647a2fbac14b06650c8829f7c1f3a014a720

SHA256
1ca48746ba7ec345b6e66ca8150a618e9d82446eac05e0c4457392a1b7247333

SHA512
ff38b5d6ee0d3a26c85321b1f12a4ecabd71b64d277b096d532c1bd031c6e41cd7218d2c8a17a01cef9b8f9d026773b6ee8976f3570ff65ec3529e9c7d8306d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33492.exe

Filesize
184KB

MD5
5d9f6788a0c83c196169d5440af4fc9d

SHA1
ae4485448beb90619ce1974438de62fb34ec3658

SHA256
95cdf5bdbc7559bf4e5d43db60d1a4fe6350b0fe77908a54a55fc6a5be3fd346

SHA512
311e7f10b7debe3106677e4b8838ffe2f35fc69215f65d20550ebf3bbc747339c33f639d680bfdd7b7d8961b4088e4a782416205133b3da7384d356494421876

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe

Filesize
184KB

MD5
a42a58b96905d3b21270bbbd5bd23176

SHA1
123933aa6f9874ed6ae67c6e9b3b4eb457bfaf03

SHA256
09466168732383ff6a377c6ce9abe0783f734b966fb94d4794ee38b2fab1a1f9

SHA512
1d6b828e1ee12071438d847c61fe27a742fb73c1dea7242d54158c31f9b68ab795948f95d564f61cfa7e9199558b12ba27a317df58b5065a21d07e3cad130158

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe

Filesize
184KB

MD5
6a19d8b5b7a51499a323bfa3549cd4d0

SHA1
b533fda805c06e1de79ea382d31015aef70b95f8

SHA256
a361a7fbb9c24c51e9806fcccb5ff80d0da849a914b2be86f41de0c7ee9406e4

SHA512
b932a98d781c9332c0617d8f412fa47e6b612e47524965364876cb7742a5cfae90e37a6ddd374f36c7425e948f20b46164ecc260435fd7d79a3dfc4cdb82d6bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43803.exe

Filesize
184KB

MD5
02b126ee18b980ee94eeb06695933d49

SHA1
1c32e55f15c98b218e14b4522baa3c6bc7df5635

SHA256
18443629cae8e46f3608077ec11b54c9075ad1f49e28aa4f27d6ddc2fb8d3832

SHA512
875e702b7422d107ffedc80c11194269f1a7d4300ed63b892ed22779ff62a9c95e779fa1a27f60155d0b7d3feb085edcbe50c006d2790bcd0fc471c7b6931e69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe

Filesize
184KB

MD5
98a1623cf04a5a3bbdc717d62d76fc31

SHA1
a83388b4ddd91c974002eb38d0d443b80c3a8d60

SHA256
234f5467c322e15fa7862edfb5f623af0002ef353652e647084b111e629e049d

SHA512
9e8b86170abf8599cb19a7fc82d361d7048a2f0948fa1170beb01757da21f32c36479934f0a9e8b6d9e48319848b637993ba5c04cfe744c04e61288faabcd05c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4637.exe

Filesize
184KB

MD5
18373256230391681bb779508fd78f9e

SHA1
1085328c02c3757278cef83780adbfaff87f35f8

SHA256
353db8f1f226d84e05f01731aff437ecbe69a0a13cc34d9c38f7b3ec5f57175b

SHA512
560b68545f23d07172b24bfa8dd5373f3013bba3736967435a5b27d0c16882a390ce2b8bc070eb1281261d3e1b9f67ffd53048a51ce0d068512cdd68a7b932cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe

Filesize
184KB

MD5
f2e67ad11864acd9a3ae2aedc8f0a80a

SHA1
303f30babe2fb97df7e3f7ad2e7630c0a1f8ac7a

SHA256
2c2f8d4282626e87069b54d7e3a4a182c5b6a685db3d51eb101231aa4bbf6612

SHA512
630d2f48c0eedca0e258eace8b014e10242f87013401b6f68cb316e344fe08d4154350bfe5cfa724f2aaada665eab20bf71ac6e0ac1a3a14c24b4da3eabaa9fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe

Filesize
184KB

MD5
dad49ce0dbb39ddb69c4d773e3f79363

SHA1
b2a82ef6f0b6429f30c15a59341bf8a40e770be1

SHA256
6a39497b612b30f41a81829783d72c155356d90f18857859c80337dc37e963ce

SHA512
8cd433b172f113c9074fb0ae4b3aaf06254a20193e7a9b342790b2c579fa1baa059fd47b42b82f1b32f9ddc97704e700dca13d31ab081bcc4efb8bebf0a8ae67

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe

Filesize
184KB

MD5
538756346a9bc4e4fc4726945e5ea639

SHA1
79ba3b2bdb40a370cd05f6824df6a34dad944d13

SHA256
575b285e30c6c373fc93ca899bf30ff0e6bd9ac3f325fbd776c75e5639c61243

SHA512
886d109fce55327adb2863581292c611bacb7a34538816a999216bcfe86d17da3bf1a36500ad67d1a97d1baa5047d91593d02655e7e5f985f77a5eee8c1d2d85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50435.exe

Filesize
184KB

MD5
def3590cfa7c1567d5536fcf627edf0d

SHA1
4294aa34d0637e1730fec25a8416c5b4ca038427

SHA256
f7c902cf48cae95c16794db855003bbaaf3b03e0139d8c0fa4c4b5262c11e1e1

SHA512
3889dafa3368603610d5b13c7a1a9b8a33261b16efd88e18abcb35f28fa5461b9a1b8d804c01b8a1b3d473f63cb7b73025b970e6e6cd4479c63719a1a334f24c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53772.exe

Filesize
184KB

MD5
01dca7c92618f17d091d22159c2e9f96

SHA1
eb99e33006b8daecfe4922834b14b1d52dc06c66

SHA256
c1868ed7787802dbb40545385dac6e14a2ceb2129515cc65bab97054c35043d8

SHA512
293fb5ca231265b268b70ba58acb7da810d6600bf92fead9ba358cb9cecc3457373b52fb1f7fc37086ecddb306dc3a0f27d7a811dc8632eead778c7df2d75cc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54738.exe

Filesize
184KB

MD5
ffcdc9c1846590d5a49c3d5b862e5388

SHA1
626e86367d5393a510399141b43b36dfaa119e74

SHA256
04fb557281ee194fef6f41ef37b35befbcae88cbfde074e7344cba50b3a95f27

SHA512
bc2cf516d3370ae7734291d761dc65725c13251595fb155b8414488356a0d191acbaf2fe26fb5b5c969858cf435f30dd891abe433e78d62d548a5cdc542f45e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60907.exe

Filesize
184KB

MD5
b62eabc6b91d529c3b17099d56473980

SHA1
906e9fdb697a755aa20d5163d9ac3f5e1ec921ad

SHA256
0bf1ec4debe8024d769921f98517c59364060511ef5a6e7a5ceeb3b3f181afa2

SHA512
b67c4e18b0c1566c95c2983df8a39c299fe67b0ad5b708fbdb191672f8845719e0b1ff2f91ceb5da8bf4aa4ca75e9743ba35968ab1d8edffad4ee4bb9f2f3aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe

Filesize
184KB

MD5
99d70d59608914266f76f0b3cb07a86f

SHA1
54ccd31e7ceab37e309d1302eb62df59cfd54f65

SHA256
a26c7fffcf4a05be74abeb2d54facd81d5e7a08c317e5521b165aa11168d306f

SHA512
2267b4da848fba7e2075818bedac43a36fdc991d0c1f099d7e5642c992c532869d18b8c92a1102203dd343aeb08ce3eadff111b05af878de0eac0c358112ab7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe

Filesize
184KB

MD5
89cf31d85d2fbd4fbc8df9a4257311a4

SHA1
d8a588881839be4aa67ec0c014bd0deeb27c36d6

SHA256
a2e010585e192ab6df1023fae11411466d5ddc49a979960413036fc2df23c8c5

SHA512
b6a05bb0f6cfae54bd28e4dd6dfd64bac73cb5d4432701bfff37d46d81d2703e8db3d5ec600837653700d480c793c3fb6effc076292a94c9ce77633fde1af35d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe

Filesize
184KB

MD5
3ddc0733e113347611e6e24ae1e1ec76

SHA1
62f46e59ce915427dce211ce4fae39c42e0b7587

SHA256
cd00f2f90ec14d3854c387f74a6278bc9f62919c4fdaeed8cc58b10a2bfb9371

SHA512
e200cca736db92864afeafb8bc5cc3e6d381033e199125f6affc4f2b7cb967e56b3b244a832aa7812eed706c8818ea30f8cacb14f2772878ed593630a47ace29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe

Filesize
184KB

MD5
455c166ed65c2ce02187f618fe2fc7b4

SHA1
d62a4985ac58dca9749245682124c2a5ed043833

SHA256
372464a60239be949c8417a5808c7b6b7210d5714ad3d9b26f55ea6ee52b43a0

SHA512
444c669da3ed35e402e3df5ef45243864889cc412bffd835fbcd095b4c2c68b3ad18905e9ac869f0d04efbecf2bd8226cc3d9849e14de0c3fde1eb7a0cb59c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe

Filesize
184KB

MD5
aca53acfb94d2ba2baa506b03050164e

SHA1
9dfb73833f8daf3f65a376cd6357df158aa582a7

SHA256
689fc2fcb0f68f1382309902d80506aa733bcddd6ca069e4c4ffee45431f32f9

SHA512
468c2f337781f4913fe3920a24907d6e2e4d4e36c005f514eb0acd88a75924640bde25c4462e1b88c90ddec2ab89e9b673ea22361a69984c93406ff7f5272c29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe

Filesize
184KB

MD5
fccf955c269dafb5fbf69473bbe33b00

SHA1
c6f438fc57ab24b94910751958c45e739d2be461

SHA256
904e5bfdbad7063864989617c1a4b3e5b0f2a6d0da8a357ccfb0347fe456ab01

SHA512
0c1832bace7e6b8baa9d43f5889fb2dbb748909129ecaffd7b1118f1813f1970ba1a80d6537e46c899b1562e6ea0ca4fd342d597bebb773455961c23ac82c079

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9542.exe

Filesize
184KB

MD5
d13b2c8d424193ac14f04efa4936862c

SHA1
70148a7bfb2e029c68679574096a70a7e87ee3b2

SHA256
a2718f3c65df7abca53f627432ac18680020e05428495d46d0498256fca44803

SHA512
746aad7aacc17bd5db06192e768adfc68d2d7e01fe3fc0ad894356a36bf45dfe7b593901e725dd5eba49ecc9d2e4e648c27308d4198dfac53afbae3b54031d5b

Download Submit
memory/1748-2842-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4176-3685-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads