bf5de1bf6fe7ebdc6bc1864c69f66583f06798a32513b90b21b148c29ce0bd86

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 09:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d4dd62ad650fd7cb91c2ce25316e9f0_NEIKI.exe
Size

184KB
MD5

0d4dd62ad650fd7cb91c2ce25316e9f0
SHA1

b22c3a0980ad80c69bba4083f9450520d0d36273
SHA256

bf5de1bf6fe7ebdc6bc1864c69f66583f06798a32513b90b21b148c29ce0bd86
SHA512

5c6a0027436760970fd3efb3301e5421d67d66b8f965c9e23dbf8eda7ec5cd3eca65776d1b8bcdd9f63c297ff261fda2946a9706910cef57cd65739a7a643835
SSDEEP

3072:kmK4vEofhMwIyK7t3N3y+34abvnq4viuln3:kmGoJnK77yM4abPq4viul

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3208	Unicorn-47508.exe
220	Unicorn-34353.exe
2808	Unicorn-22655.exe
212	Unicorn-60092.exe
4252	Unicorn-12515.exe
4832	Unicorn-14975.exe
1076	Unicorn-34418.exe
5040	Unicorn-9952.exe
3468	Unicorn-50471.exe
2384	Unicorn-39008.exe
3096	Unicorn-39008.exe
1088	Unicorn-41046.exe
3172	Unicorn-64581.exe
412	Unicorn-23226.exe
2236	Unicorn-2863.exe
1228	Unicorn-49480.exe
4816	Unicorn-10485.exe
4364	Unicorn-834.exe
4988	Unicorn-20508.exe
2904	Unicorn-58333.exe
3964	Unicorn-40928.exe
4900	Unicorn-21062.exe
4500	Unicorn-34797.exe
3832	Unicorn-33314.exe
4476	Unicorn-53180.exe
3176	Unicorn-13771.exe
2896	Unicorn-20050.exe
2916	Unicorn-20316.exe
3744	Unicorn-20316.exe
4740	Unicorn-36958.exe
5016	Unicorn-32951.exe
3244	Unicorn-24037.exe
5028	Unicorn-52303.exe
3764	Unicorn-43388.exe
2712	Unicorn-15411.exe
2300	Unicorn-23845.exe
4212	Unicorn-309.exe
2372	Unicorn-43004.exe
4516	Unicorn-29635.exe
5036	Unicorn-64576.exe
4024	Unicorn-7207.exe
2672	Unicorn-52879.exe
3756	Unicorn-11026.exe
2924	Unicorn-49117.exe
4056	Unicorn-51155.exe
404	Unicorn-43964.exe
3512	Unicorn-43964.exe
4744	Unicorn-44519.exe
736	Unicorn-44519.exe
2560	Unicorn-7015.exe
4300	Unicorn-22374.exe
4920	Unicorn-11099.exe
4892	Unicorn-48925.exe
3596	Unicorn-25389.exe
224	Unicorn-31520.exe
4636	Unicorn-31520.exe
1456	Unicorn-52247.exe
2788	Unicorn-61177.exe
4552	Unicorn-41311.exe
2132	Unicorn-35711.exe
3020	Unicorn-23906.exe
612	Unicorn-26341.exe
2668	Unicorn-64258.exe
1536	Unicorn-63097.exe

Program crash 11 IoCs

pid	pid_target	Process	procid_target
5224	4552	WerFault.exe	153
6968	5892	WerFault.exe	195
8572	6176	WerFault.exe	239
1936	6208	WerFault.exe	241
9136	6268	WerFault.exe	244
8800	5332	WerFault.exe	235
12512	11504	WerFault.exe
12504	11280	WerFault.exe
14504	14380	WerFault.exe
17896	16504	WerFault.exe	832
12340	7376	Process not Found	1148

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
16836	svchost.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	8184	Process not Found
Token: SeChangeNotifyPrivilege	8184	Process not Found
Token: 33	8184	Process not Found
Token: SeIncBasePriorityPrivilege	8184	Process not Found
Token: SeCreateGlobalPrivilege	12980	Process not Found
Token: SeChangeNotifyPrivilege	12980	Process not Found
Token: 33	12980	Process not Found
Token: SeIncBasePriorityPrivilege	12980	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4392	0d4dd62ad650fd7cb91c2ce25316e9f0_NEIKI.exe
3208	Unicorn-47508.exe
220	Unicorn-34353.exe
2808	Unicorn-22655.exe
212	Unicorn-60092.exe
4252	Unicorn-12515.exe
4832	Unicorn-14975.exe
1076	Unicorn-34418.exe
5040	Unicorn-9952.exe
3468	Unicorn-50471.exe
3096	Unicorn-39008.exe
2384	Unicorn-39008.exe
412	Unicorn-23226.exe
3172	Unicorn-64581.exe
2236	Unicorn-2863.exe
1088	Unicorn-41046.exe
1228	Unicorn-49480.exe
4816	Unicorn-10485.exe
4364	Unicorn-834.exe
4988	Unicorn-20508.exe
2904	Unicorn-58333.exe
4500	Unicorn-34797.exe
4900	Unicorn-21062.exe
4476	Unicorn-53180.exe
3832	Unicorn-33314.exe
3964	Unicorn-40928.exe
3744	Unicorn-20316.exe
3176	Unicorn-13771.exe
2896	Unicorn-20050.exe
2916	Unicorn-20316.exe
4740	Unicorn-36958.exe
5016	Unicorn-32951.exe
3244	Unicorn-24037.exe
5028	Unicorn-52303.exe
3764	Unicorn-43388.exe
2712	Unicorn-15411.exe
2300	Unicorn-23845.exe
4212	Unicorn-309.exe
2372	Unicorn-43004.exe
4516	Unicorn-29635.exe
4024	Unicorn-7207.exe
5036	Unicorn-64576.exe
2672	Unicorn-52879.exe
3756	Unicorn-11026.exe
2924	Unicorn-49117.exe
4056	Unicorn-51155.exe
3512	Unicorn-43964.exe
4744	Unicorn-44519.exe
2560	Unicorn-7015.exe
4892	Unicorn-48925.exe
404	Unicorn-43964.exe
736	Unicorn-44519.exe
224	Unicorn-31520.exe
4300	Unicorn-22374.exe
4636	Unicorn-31520.exe
1456	Unicorn-52247.exe
4920	Unicorn-11099.exe
2132	Unicorn-35711.exe
2788	Unicorn-61177.exe
3596	Unicorn-25389.exe
4552	Unicorn-41311.exe
3020	Unicorn-23906.exe
612	Unicorn-26341.exe
2668	Unicorn-64258.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 3208	4392	0d4dd62ad650fd7cb91c2ce25316e9f0_NEIKI.exe	90
PID 4392 wrote to memory of 3208	4392	0d4dd62ad650fd7cb91c2ce25316e9f0_NEIKI.exe	90
PID 4392 wrote to memory of 3208	4392	0d4dd62ad650fd7cb91c2ce25316e9f0_NEIKI.exe	90
PID 3208 wrote to memory of 220	3208	Unicorn-47508.exe	94
PID 3208 wrote to memory of 220	3208	Unicorn-47508.exe	94
PID 3208 wrote to memory of 220	3208	Unicorn-47508.exe	94
PID 4392 wrote to memory of 2808	4392	0d4dd62ad650fd7cb91c2ce25316e9f0_NEIKI.exe	95
PID 4392 wrote to memory of 2808	4392	0d4dd62ad650fd7cb91c2ce25316e9f0_NEIKI.exe	95
PID 4392 wrote to memory of 2808	4392	0d4dd62ad650fd7cb91c2ce25316e9f0_NEIKI.exe	95
PID 220 wrote to memory of 212	220	Unicorn-34353.exe	97
PID 220 wrote to memory of 212	220	Unicorn-34353.exe	97
PID 220 wrote to memory of 212	220	Unicorn-34353.exe	97
PID 3208 wrote to memory of 4252	3208	Unicorn-47508.exe	98
PID 3208 wrote to memory of 4252	3208	Unicorn-47508.exe	98
PID 3208 wrote to memory of 4252	3208	Unicorn-47508.exe	98
PID 2808 wrote to memory of 4832	2808	Unicorn-22655.exe	99
PID 2808 wrote to memory of 4832	2808	Unicorn-22655.exe	99
PID 2808 wrote to memory of 4832	2808	Unicorn-22655.exe	99
PID 4392 wrote to memory of 1076	4392	0d4dd62ad650fd7cb91c2ce25316e9f0_NEIKI.exe	100
PID 4392 wrote to memory of 1076	4392	0d4dd62ad650fd7cb91c2ce25316e9f0_NEIKI.exe	100
PID 4392 wrote to memory of 1076	4392	0d4dd62ad650fd7cb91c2ce25316e9f0_NEIKI.exe	100
PID 212 wrote to memory of 5040	212	Unicorn-60092.exe	102
PID 212 wrote to memory of 5040	212	Unicorn-60092.exe	102
PID 212 wrote to memory of 5040	212	Unicorn-60092.exe	102
PID 220 wrote to memory of 3468	220	Unicorn-34353.exe	103
PID 220 wrote to memory of 3468	220	Unicorn-34353.exe	103
PID 220 wrote to memory of 3468	220	Unicorn-34353.exe	103
PID 4832 wrote to memory of 2384	4832	Unicorn-14975.exe	105
PID 4832 wrote to memory of 2384	4832	Unicorn-14975.exe	105
PID 4832 wrote to memory of 2384	4832	Unicorn-14975.exe	105
PID 4252 wrote to memory of 3096	4252	Unicorn-12515.exe	104
PID 4252 wrote to memory of 3096	4252	Unicorn-12515.exe	104
PID 4252 wrote to memory of 3096	4252	Unicorn-12515.exe	104
PID 1076 wrote to memory of 3172	1076	Unicorn-34418.exe	106
PID 1076 wrote to memory of 3172	1076	Unicorn-34418.exe	106
PID 1076 wrote to memory of 3172	1076	Unicorn-34418.exe	106
PID 3208 wrote to memory of 1088	3208	Unicorn-47508.exe	107
PID 3208 wrote to memory of 1088	3208	Unicorn-47508.exe	107
PID 3208 wrote to memory of 1088	3208	Unicorn-47508.exe	107
PID 2808 wrote to memory of 412	2808	Unicorn-22655.exe	108
PID 2808 wrote to memory of 412	2808	Unicorn-22655.exe	108
PID 2808 wrote to memory of 412	2808	Unicorn-22655.exe	108
PID 4392 wrote to memory of 2236	4392	0d4dd62ad650fd7cb91c2ce25316e9f0_NEIKI.exe	109
PID 4392 wrote to memory of 2236	4392	0d4dd62ad650fd7cb91c2ce25316e9f0_NEIKI.exe	109
PID 4392 wrote to memory of 2236	4392	0d4dd62ad650fd7cb91c2ce25316e9f0_NEIKI.exe	109
PID 3468 wrote to memory of 1228	3468	Unicorn-50471.exe	110
PID 3468 wrote to memory of 1228	3468	Unicorn-50471.exe	110
PID 3468 wrote to memory of 1228	3468	Unicorn-50471.exe	110
PID 220 wrote to memory of 4816	220	Unicorn-34353.exe	111
PID 220 wrote to memory of 4816	220	Unicorn-34353.exe	111
PID 220 wrote to memory of 4816	220	Unicorn-34353.exe	111
PID 212 wrote to memory of 4364	212	Unicorn-60092.exe	112
PID 212 wrote to memory of 4364	212	Unicorn-60092.exe	112
PID 212 wrote to memory of 4364	212	Unicorn-60092.exe	112
PID 3096 wrote to memory of 4988	3096	Unicorn-39008.exe	113
PID 3096 wrote to memory of 4988	3096	Unicorn-39008.exe	113
PID 3096 wrote to memory of 4988	3096	Unicorn-39008.exe	113
PID 412 wrote to memory of 2904	412	Unicorn-23226.exe	114
PID 412 wrote to memory of 2904	412	Unicorn-23226.exe	114
PID 412 wrote to memory of 2904	412	Unicorn-23226.exe	114
PID 2384 wrote to memory of 3964	2384	Unicorn-39008.exe	115
PID 2384 wrote to memory of 3964	2384	Unicorn-39008.exe	115
PID 2384 wrote to memory of 3964	2384	Unicorn-39008.exe	115
PID 4252 wrote to memory of 4900	4252	Unicorn-12515.exe	116

C:\Users\Admin\AppData\Local\Temp\0d4dd62ad650fd7cb91c2ce25316e9f0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\0d4dd62ad650fd7cb91c2ce25316e9f0_NEIKI.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26341.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        8⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
        9⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
        10⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49740.exe
        10⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9420.exe
        10⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61580.exe
        10⤵
        
        PID:17772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3890.exe
        9⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        9⤵
        
        PID:16512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43714.exe
        8⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        8⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        8⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46496.exe
        7⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
        8⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9304.exe
        9⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        9⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
        9⤵
        
        PID:18332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        8⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        8⤵
        
        PID:15656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        8⤵
        
        PID:18064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51207.exe
        7⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1255.exe
        8⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
        8⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        7⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        7⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        7⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        8⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
        9⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        9⤵
        
        PID:13708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        9⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        8⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29191.exe
        8⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe
        8⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
        8⤵
        
        PID:14556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        8⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        7⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57890.exe
        7⤵
        
        PID:15956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
        6⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
        7⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        8⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39856.exe
        8⤵
        
        PID:16456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        7⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        7⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12987.exe
        7⤵
        
        PID:17804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        7⤵
        
        PID:18260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36154.exe
        6⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        7⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62789.exe
        7⤵
        
        PID:18060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        7⤵
        
        PID:18308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41160.exe
        7⤵
        
        PID:17972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
        6⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        6⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        6⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-834.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23845.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        8⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 604
        9⤵
        Program crash
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
        8⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12371.exe
        9⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        9⤵
        
        PID:18256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        8⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        8⤵
        
        PID:16868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37606.exe
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51328.exe
        8⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        9⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        9⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        9⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48484.exe
        8⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11280 -s 224
        9⤵
        Program crash
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29458.exe
        8⤵
        
        PID:13664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        8⤵
        
        PID:17852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        8⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        8⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33193.exe
        8⤵
        
        PID:17204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        8⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
        7⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        7⤵
        
        PID:17096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        7⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
        6⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54649.exe
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        8⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        9⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        9⤵
        
        PID:18428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        8⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
        8⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        7⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        7⤵
        
        PID:16900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3210.exe
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        7⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
        8⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        8⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
        7⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
        7⤵
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44154.exe
        7⤵
        
        PID:17088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        7⤵
        
        PID:16188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        6⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
        6⤵
        
        PID:12032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        6⤵
        
        PID:16800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        6⤵
        
        PID:17912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41224.exe
        6⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        8⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
        8⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
        7⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        7⤵
        
        PID:15948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34591.exe
        6⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 628
        7⤵
        Program crash
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        6⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        6⤵
        
        PID:16892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        6⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
        5⤵
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        6⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        7⤵
        
        PID:13112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12389.exe
        7⤵
        
        PID:17628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        7⤵
        
        PID:18368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3995.exe
        6⤵
        
        PID:14380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14380 -s 212
        7⤵
        Program crash
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
        6⤵
        
        PID:16848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        6⤵
        
        PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15869.exe
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        6⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6992.exe
        6⤵
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        6⤵
        
        PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        5⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3801.exe
        6⤵
        
        PID:16084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49328.exe
        6⤵
        
        PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
        5⤵
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30528.exe
        5⤵
        
        PID:16828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50471.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
        7⤵
        Executes dropped EXE
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
        9⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42169.exe
        10⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        10⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
        10⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7974.exe
        9⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
        9⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61120.exe
        8⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        9⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        9⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15758.exe
        8⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57698.exe
        8⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        8⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46304.exe
        7⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
        8⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        9⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47937.exe
        9⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16463.exe
        9⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        8⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29191.exe
        8⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        8⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24429.exe
        7⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46336.exe
        8⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        8⤵
        
        PID:13576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        8⤵
        
        PID:18356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57496.exe
        8⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
        7⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        7⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
        7⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51400.exe
        6⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36704.exe
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        8⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35045.exe
        9⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53580.exe
        8⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
        8⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20050.exe
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64711.exe
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50646.exe
        8⤵
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
        7⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        7⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60039.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
        7⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        8⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62789.exe
        8⤵
        
        PID:18068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18389.exe
        7⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
        7⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
        6⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4068.exe
        7⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        7⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64899.exe
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32689.exe
        6⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63097.exe
        6⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44872.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22370.exe
        8⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
        9⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        9⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        8⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        8⤵
        
        PID:16496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
        7⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63318.exe
        7⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        6⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
        7⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        7⤵
        
        PID:14272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        7⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17783.exe
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10597.exe
        6⤵
        
        PID:13864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        6⤵
        
        PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        5⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36704.exe
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        7⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23947.exe
        8⤵
        
        PID:14852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        8⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39298.exe
        7⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41444.exe
        7⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52915.exe
        7⤵
        
        PID:18284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14778.exe
        6⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
        7⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11906.exe
        7⤵
        
        PID:17788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
        6⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16857.exe
        6⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        6⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33601.exe
        6⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
        7⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        7⤵
        
        PID:15768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7394.exe
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5455.exe
        6⤵
        
        PID:14436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        6⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54650.exe
        5⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        6⤵
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        5⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52059.exe
        5⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
        5⤵
        
        PID:17852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43388.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        6⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9724.exe
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60456.exe
        8⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
        8⤵
        
        PID:13020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64384.exe
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
        7⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        7⤵
        
        PID:17676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        7⤵
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30493.exe
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        7⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
        6⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54483.exe
        6⤵
        
        PID:13184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        5⤵
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61940.exe
        6⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        7⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
        8⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        8⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        7⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        7⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
        7⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12002.exe
        6⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        6⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        6⤵
        
        PID:16780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22753.exe
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        6⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13907.exe
        7⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        7⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
        6⤵
        
        PID:16332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        6⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
        5⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44769.exe
        6⤵
        
        PID:12620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
        6⤵
        
        PID:17900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        6⤵
        
        PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14110.exe
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17396.exe
        5⤵
        
        PID:17128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        5⤵
        
        PID:8816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
        5⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30560.exe
        7⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
        8⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32809.exe
        8⤵
        
        PID:17676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20050.exe
        8⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
        7⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        7⤵
        
        PID:17292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
        6⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        6⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        6⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9018.exe
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        6⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        6⤵
        
        PID:11200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        6⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28211.exe
        6⤵
        
        PID:17980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
        5⤵
        
        PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        5⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55805.exe
        5⤵
        
        PID:16628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        5⤵
        
        PID:916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
      4⤵
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
        5⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        5⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        6⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        6⤵
        
        PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        5⤵
        
        PID:11764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64470.exe
        5⤵
        
        PID:16620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
      4⤵
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        5⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
        6⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12576.exe
        6⤵
        
        PID:17704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        5⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6992.exe
        5⤵
        
        PID:16484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
      4⤵
      PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
      4⤵
      PID:11800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
      4⤵
      PID:17080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38947.exe
      4⤵
      PID:16232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12515.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39008.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        7⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44379.exe
        8⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31749.exe
        9⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27848.exe
        9⤵
        
        PID:17444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        9⤵
        
        PID:18344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45167.exe
        8⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17015.exe
        8⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        8⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9018.exe
        7⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        8⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        9⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        9⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
        9⤵
        
        PID:16548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        8⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        8⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        8⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
        7⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        7⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        7⤵
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        7⤵
        
        PID:17920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
        6⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        7⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31432.exe
        8⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28747.exe
        9⤵
        
        PID:16636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        9⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
        8⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44620.exe
        8⤵
        
        PID:18292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        7⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48618.exe
        7⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
        7⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
        6⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        7⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        7⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        7⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44924.exe
        6⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59419.exe
        6⤵
        
        PID:11116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        6⤵
        
        PID:16908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        6⤵
        
        PID:17916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29635.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46652.exe
        6⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        7⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 600
        8⤵
        Program crash
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        7⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9112.exe
        8⤵
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11720.exe
        8⤵
        
        PID:18372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35295.exe
        8⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        7⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        7⤵
        
        PID:17196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        7⤵
        
        PID:17804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        6⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        7⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        7⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        7⤵
        
        PID:16240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
        6⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2355.exe
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        6⤵
        
        PID:16876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        6⤵
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        5⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        6⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        6⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
        6⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        6⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54192.exe
        5⤵
        
        PID:6208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 640
        6⤵
        Program crash
        
        PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47058.exe
        5⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        5⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
        5⤵
        
        PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49117.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18342.exe
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11328.exe
        7⤵
        
        PID:12988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        7⤵
        
        PID:16444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        7⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27618.exe
        6⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        6⤵
        
        PID:18148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15110.exe
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42169.exe
        7⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
        7⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        7⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        6⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
        6⤵
        
        PID:14392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
        6⤵
        
        PID:17688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
        6⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        5⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45184.exe
        6⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        6⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
        6⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64323.exe
        5⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
        5⤵
        
        PID:17960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51155.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14747.exe
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        6⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
        7⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        7⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        7⤵
        
        PID:17188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        7⤵
        
        PID:17808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
        6⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        6⤵
        
        PID:16884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        6⤵
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1255.exe
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
        6⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
        5⤵
        
        PID:9732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
        5⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        5⤵
        
        PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10206.exe
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        5⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        6⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45708.exe
        6⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46820.exe
        6⤵
        
        PID:17768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
        6⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15650.exe
        5⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
        6⤵
        
        PID:14304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        6⤵
        
        PID:18408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        6⤵
        
        PID:18248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29074.exe
        5⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13567.exe
        5⤵
        
        PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36538.exe
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5220.exe
        5⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        5⤵
        
        PID:14848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
      4⤵
      PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26922.exe
      4⤵
      PID:14584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
      4⤵
      PID:17784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41046.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50420.exe
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        7⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        7⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55042.exe
        6⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13066.exe
        6⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54840.exe
        6⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        6⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        7⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        7⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
        7⤵
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
        6⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55725.exe
        6⤵
        
        PID:15340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        6⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49282.exe
        5⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        5⤵
        
        PID:11512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        5⤵
        
        PID:16856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        5⤵
        
        PID:18036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4552
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 640
        5⤵
        Program crash
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
      4⤵
      PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43549.exe
        5⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9880.exe
        6⤵
        
        PID:9444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46297.exe
        6⤵
        
        PID:16164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10051.exe
        5⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63475.exe
        5⤵
        
        PID:14044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        5⤵
        
        PID:17588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12339.exe
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
        5⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61115.exe
        5⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        5⤵
        
        PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2102.exe
      4⤵
      PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35429.exe
      4⤵
      PID:14628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
      4⤵
      PID:5436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20050.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
        5⤵
        
        PID:5892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 488
        6⤵
        Program crash
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11234.exe
        5⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20820.exe
        6⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        6⤵
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
        5⤵
        
        PID:12804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
        5⤵
        
        PID:17976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        5⤵
        
        PID:5884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61955.exe
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29948.exe
        6⤵
        
        PID:12472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        6⤵
        
        PID:17248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        6⤵
        
        PID:17908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        5⤵
        
        PID:11180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        5⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        5⤵
        
        PID:17916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42951.exe
      4⤵
      PID:9012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
      4⤵
      PID:11876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
      4⤵
      PID:17068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
      4⤵
      PID:2216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
      4⤵
      PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33217.exe
        5⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48609.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11720.exe
        6⤵
        
        PID:18388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32199.exe
        5⤵
        
        PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8771.exe
        5⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        5⤵
        
        PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
      4⤵
      PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
        5⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28232.exe
        5⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        5⤵
        
        PID:644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37383.exe
      4⤵
      PID:9704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
      4⤵
      PID:15044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
      4⤵
      PID:8868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
    3⤵
    PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
      4⤵
      PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
        5⤵
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
        5⤵
        
        PID:17472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64763.exe
      4⤵
      PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46297.exe
      4⤵
      PID:15336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
    3⤵
    PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-316.exe
      4⤵
      PID:10160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38289.exe
      4⤵
      PID:15968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4953.exe
      4⤵
      PID:17564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
    3⤵
    PID:11548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
    3⤵
    PID:16840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38947.exe
    3⤵
    PID:17840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14975.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39008.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40928.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19215.exe
        7⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        8⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30414.exe
        8⤵
        
        PID:13092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50923.exe
        7⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
        7⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        7⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
        7⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        8⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        8⤵
        
        PID:17612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54765.exe
        7⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        7⤵
        
        PID:17424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
        6⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7699.exe
        6⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        6⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
        7⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        8⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47937.exe
        8⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61580.exe
        8⤵
        
        PID:17848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41991.exe
        7⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        7⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
        7⤵
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36610.exe
        7⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        7⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        6⤵
        
        PID:9440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
        6⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        6⤵
        
        PID:18044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        6⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
        7⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        7⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        6⤵
        
        PID:11576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        6⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        6⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        6⤵
        
        PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        5⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46689.exe
        6⤵
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43437.exe
        6⤵
        
        PID:17860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        5⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32689.exe
        5⤵
        
        PID:15984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
        5⤵
        
        PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
        8⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
        8⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        8⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
        7⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
        7⤵
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        7⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16366.exe
        6⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
        7⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36610.exe
        7⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        7⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        6⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
        6⤵
        
        PID:14976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
        6⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37369.exe
        7⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11428.exe
        7⤵
        
        PID:17552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        6⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        6⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
        6⤵
        
        PID:17596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        6⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24237.exe
        5⤵
        
        PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        5⤵
        
        PID:11268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        5⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24189.exe
        5⤵
        
        PID:17364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60902.exe
        5⤵
        
        PID:17856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54794.exe
        5⤵
        
        PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        6⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34830.exe
        6⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        6⤵
        
        PID:15156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        6⤵
        
        PID:16700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        5⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
        6⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12419.exe
        6⤵
        
        PID:16708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        6⤵
        
        PID:13624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
        5⤵
        
        PID:12024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        5⤵
        
        PID:16504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16504 -s 436
        6⤵
        Program crash
        
        PID:17896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1504.exe
        5⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25375.exe
        5⤵
        
        PID:9628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27138.exe
        5⤵
        
        PID:17260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
      4⤵
      PID:7080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-590.exe
      4⤵
      PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52059.exe
      4⤵
      PID:16756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23226.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        6⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        7⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34644.exe
        8⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        9⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        9⤵
        
        PID:15348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        9⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
        8⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27138.exe
        8⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
        7⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
        7⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        7⤵
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
        6⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18049.exe
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9539.exe
        7⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2634.exe
        6⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42999.exe
        6⤵
        
        PID:13396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32515.exe
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38012.exe
        6⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        7⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
        8⤵
        
        PID:16504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        7⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
        7⤵
        
        PID:16104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        7⤵
        
        PID:18304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
        7⤵
        
        PID:17640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        6⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        6⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60194.exe
        6⤵
        
        PID:16816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24097.exe
        5⤵
        
        PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29652.exe
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60675.exe
        5⤵
        
        PID:14036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        5⤵
        
        PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52879.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4156.exe
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36732.exe
        6⤵
        
        PID:17112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        6⤵
        
        PID:17864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12582.exe
        5⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43124.exe
        6⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        6⤵
        
        PID:16592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
        5⤵
        
        PID:12736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        5⤵
        
        PID:17872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        5⤵
        
        PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58432.exe
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        6⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6992.exe
        6⤵
        
        PID:16540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        6⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4903.exe
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        5⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        5⤵
        
        PID:17136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        5⤵
        
        PID:17876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29963.exe
      4⤵
      PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
        5⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36610.exe
        5⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        5⤵
        
        PID:6908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20986.exe
      4⤵
      PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
      4⤵
      PID:13968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
      4⤵
      PID:5424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32153.exe
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38012.exe
        6⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
        7⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46297.exe
        7⤵
        
        PID:16220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        6⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7201.exe
        6⤵
        
        PID:13272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        6⤵
        
        PID:18252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62376.exe
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        6⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
        5⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46891.exe
        5⤵
        
        PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40683.exe
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38012.exe
        5⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22740.exe
        6⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
        7⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12419.exe
        7⤵
        
        PID:16680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        7⤵
        
        PID:17940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48484.exe
        6⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11504 -s 176
        7⤵
        Program crash
        
        PID:12512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44918.exe
        6⤵
        
        PID:13596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13868.exe
        6⤵
        
        PID:16244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        6⤵
        
        PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        6⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        6⤵
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        5⤵
        
        PID:17160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
      4⤵
      PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        5⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42565.exe
        5⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
        5⤵
        
        PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
      4⤵
      PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10432.exe
      4⤵
      PID:15140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4602.exe
      4⤵
      PID:8768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11026.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11026.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14747.exe
      4⤵
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
        5⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        7⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        7⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30307.exe
        7⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        6⤵
        
        PID:16248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
        6⤵
        
        PID:17928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29215.exe
        5⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        6⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        5⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        5⤵
        
        PID:17144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16549.exe
        5⤵
        
        PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        5⤵
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
      4⤵
      PID:9768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
      4⤵
      PID:13992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
      4⤵
      PID:5064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
    3⤵
    PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62516.exe
      4⤵
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        5⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11328.exe
        6⤵
        
        PID:13024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        6⤵
        
        PID:17432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        6⤵
        
        PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        5⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52025.exe
        5⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
        5⤵
        
        PID:17304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
        5⤵
        
        PID:16064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35546.exe
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        5⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        5⤵
        
        PID:15132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        5⤵
        
        PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15758.exe
      4⤵
      PID:11388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
      4⤵
      PID:15072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
      4⤵
      PID:8736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
    3⤵
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45625.exe
      4⤵
      PID:11040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16992.exe
      4⤵
      PID:15632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42596.exe
    3⤵
    PID:9196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
    3⤵
    PID:14616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38947.exe
    3⤵
    PID:5576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34418.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34418.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64581.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53180.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28645.exe
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12895.exe
        8⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21151.exe
        8⤵
        
        PID:13916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        8⤵
        
        PID:17884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
        7⤵
        
        PID:15036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        7⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48972.exe
        7⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
        7⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        6⤵
        
        PID:10116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
        6⤵
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
        6⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36424.exe
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
        7⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        7⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        6⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        6⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
        5⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        6⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
        5⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
        5⤵
        
        PID:16524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        5⤵
        
        PID:17936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16549.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36610.exe
        7⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        7⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2576.exe
        6⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7430.exe
        5⤵
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12895.exe
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
        6⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
        6⤵
        
        PID:16508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52266.exe
        5⤵
        
        PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        5⤵
        
        PID:14152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
        5⤵
        
        PID:18400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        5⤵
        
        PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
      4⤵
      PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        5⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe
        6⤵
        
        PID:10468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
        6⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12878.exe
        5⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        5⤵
        
        PID:14860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
        5⤵
        
        PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27799.exe
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        5⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39856.exe
        5⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        5⤵
        
        PID:17932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55387.exe
      4⤵
      PID:10176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
      4⤵
      PID:14668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47804.exe
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        7⤵
        
        PID:12940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7428.exe
        7⤵
        
        PID:17496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        7⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        6⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        6⤵
        
        PID:15480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27424.exe
        6⤵
        
        PID:17828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        6⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20066.exe
        5⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe
        5⤵
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14252.exe
        5⤵
        
        PID:15104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        5⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20680.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49740.exe
        6⤵
        
        PID:14004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        6⤵
        
        PID:14400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34830.exe
        5⤵
        
        PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        5⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        5⤵
        
        PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12909.exe
      4⤵
      PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
        5⤵
        
        PID:15412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56451.exe
      4⤵
      PID:11848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61034.exe
      4⤵
      PID:17832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
      4⤵
      PID:6792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25389.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31297.exe
        5⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50145.exe
        6⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60731.exe
        6⤵
        
        PID:14284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30608.exe
        6⤵
        
        PID:18340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        6⤵
        
        PID:17988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8685.exe
        5⤵
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57122.exe
        5⤵
        
        PID:15316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        5⤵
        
        PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52931.exe
      4⤵
      PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41349.exe
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12419.exe
        5⤵
        
        PID:16688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        5⤵
        
        PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37383.exe
      4⤵
      PID:9688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
      4⤵
      PID:15028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
    3⤵
    PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
      4⤵
      PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
        5⤵
        
        PID:11280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        5⤵
        
        PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53580.exe
      4⤵
      PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54381.exe
      4⤵
      PID:15204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
      4⤵
      PID:8864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18277.exe
    3⤵
    PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47348.exe
      4⤵
      PID:13428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9059.exe
    3⤵
    PID:12076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50030.exe
    3⤵
    PID:16208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41390.exe
    3⤵
    PID:6080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2863.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2863.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        6⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
        7⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        7⤵
        
        PID:18232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        6⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54765.exe
        6⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36173.exe
        6⤵
        
        PID:18232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        5⤵
        
        PID:11808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62520.exe
        5⤵
        
        PID:17284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        5⤵
        
        PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28757.exe
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27421.exe
        5⤵
        
        PID:13640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        5⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63883.exe
        5⤵
        
        PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28728.exe
      4⤵
      PID:8344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38226.exe
      4⤵
      PID:13524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
      4⤵
      PID:3572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-316.exe
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        6⤵
        
        PID:15776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44620.exe
        6⤵
        
        PID:18312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
        6⤵
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18389.exe
        5⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        5⤵
        
        PID:16180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        5⤵
        
        PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
      4⤵
      PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23965.exe
        5⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28232.exe
        5⤵
        
        PID:16724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6949.exe
      4⤵
      PID:13108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
    3⤵
    PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
      4⤵
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        5⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
        5⤵
        
        PID:15696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17771.exe
        5⤵
        
        PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31130.exe
      4⤵
      PID:8788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
      4⤵
      PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
      4⤵
      PID:4220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64171.exe
    3⤵
    PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
      4⤵
      PID:12532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
      4⤵
      PID:1612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
    3⤵
    PID:10364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54589.exe
    3⤵
    PID:15076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
    3⤵
    PID:17876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
    3⤵
    PID:6732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
      4⤵
      PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        5⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16549.exe
        6⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36610.exe
        6⤵
        
        PID:13776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        6⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        5⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        5⤵
        
        PID:15664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44892.exe
        5⤵
        
        PID:15124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36267.exe
      4⤵
      PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        5⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12419.exe
        5⤵
        
        PID:16700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        5⤵
        
        PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
      4⤵
      PID:10476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25026.exe
      4⤵
      PID:16224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
      4⤵
      PID:3520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
    3⤵
    PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42169.exe
      4⤵
      PID:9864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
      4⤵
      PID:14832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
      4⤵
      PID:8864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
    3⤵
    PID:9180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35045.exe
    3⤵
    PID:15212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
    3⤵
    PID:5448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
    3⤵
    PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
      4⤵
      PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
        5⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        5⤵
        
        PID:14168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        5⤵
        
        PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
      4⤵
      PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
      4⤵
      PID:14712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
      4⤵
      PID:14536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
    3⤵
    PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47766.exe
      4⤵
      PID:14460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30277.exe
      4⤵
      PID:17788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18766.exe
      4⤵
      PID:5200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4902.exe
    3⤵
    PID:5332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
    3⤵
    PID:14704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62192.exe
    3⤵
    PID:5648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
  2⤵
  PID:6040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
    3⤵
    PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
      4⤵
      PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
      4⤵
      PID:15364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28716.exe
      4⤵
      PID:18380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
    3⤵
    PID:6284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54765.exe
    3⤵
    PID:14648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
    3⤵
    PID:6364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
  2⤵
  PID:6964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
  2⤵
  PID:11084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59762.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59762.exe
  2⤵
  PID:16260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8411.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8411.exe
  2⤵
  PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4552 -ip 4552
1⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5892 -ip 5892
1⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 5332 -ip 5332
1⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6268 -ip 6268
1⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6176 -ip 6176
1⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5844 -ip 5844
1⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6208 -ip 6208
1⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5312 -ip 5312
1⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 11280 -ip 11280
1⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 11504 -ip 11504
1⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 14380 -ip 14380
1⤵
PID:14472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6024 -ip 6024
1⤵
PID:17892

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:16836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe

Filesize
184KB

MD5
5822637df794b2d162cf9702e01814e7

SHA1
f4718c09919d69a95bb06d6ed067e7f8d5bb3c8e

SHA256
40bddb263940eabe9fbf24c651caecd87f4d44de2c8991968176abff44fe527d

SHA512
123714962023624675701a548af9fa3c3ecbe013522edc58f2b616bcc9a1be6c7293c9ebf64fc1b1188abaf9908349bbee60041bc94f7ab709ba5a57e6aef245

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe

Filesize
184KB

MD5
5e134eb54fbe9e614f752ae4eec0883d

SHA1
a4730072d3e2aecc1772f1b0d89b0cf77125aa91

SHA256
04093f4e59e359760f46ccc3d13f3e24a3279d7e1db351bf252021f74453caca

SHA512
7738507f2db1f95b2f624753814307d81e8f891907bac5cddd02cf6faf417a93530804d43bb1fcb86a6885b39ec487446ec2863c808c74b151e3b885343ef6cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12515.exe

Filesize
184KB

MD5
859bb4d66906d2b2e26254e53f068012

SHA1
642d451a98b0ebf924cd658882908d0b6d39ad3c

SHA256
bdaea605288a14383fc9a0c4168e72359268571a0cf968f3c62f176a4b0e9f88

SHA512
97da5354f6d37556db34f4f7ee8d5af1d62c153e1efee1331110c76b54b195847b668aeefd04bbac1d507a9968e598447eef0f930962a9e94e4e8dbbb1d1ae49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe

Filesize
184KB

MD5
a4c357ef11de4e21e575a7360fc21726

SHA1
6a2f6d6ff5dbd813e275c61f7dd06a29f2075933

SHA256
1077f2b96ab78857d0494cc36b4671d370415fd0852370bb2f5c857a9f541d49

SHA512
7ce9a753bb84ac9593d738a9f9684f0c4441cad5ad1b130edbd8bd19ff1fc42cd7e83ba24ca5af0b675b9b452ed442095e348619ff9b44fdf5edabe2882dbb84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14975.exe

Filesize
184KB

MD5
304fb8ace1687afebf062077073f44d0

SHA1
607d38143656dd7726faf5b53107339bf89ebb19

SHA256
a2eec78368e0932dccc301e2645f7ece9a972781cd2152fc3f72bb2970a964c1

SHA512
1e87f02496ae2787708631ac0b54ca41eeee619049fc8eb7377db4284d9dd5b5c4cfbf146d425c48742f59af6c8d844039a7042d7fcac4b741cbdde18ac2b5d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16572.exe

Filesize
184KB

MD5
f0d2c76207f7b8e1e500888172dbb1bf

SHA1
22b9954434d324c0e9819edf70c75c9409d6f713

SHA256
6f0ed5f45d9525480c24900cb6d86755883f85bebbf529a9c086b17a335934a0

SHA512
f4fc2eea61a3a2c42d13a9deeee1b26aac9e7174e07e77814f53aa40952cdd46acaab02c88e1decfd0983c50a0e9885a8f086e5663ac83af074247bd8392128f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20050.exe

Filesize
184KB

MD5
009fc3d27286df9e61c00406903d931c

SHA1
d73e14060785cb1ae17ee702b32351863980b6f1

SHA256
ba4d8d64a26d8ac94cbffe268016574933d19f5ed87fbe905c682109a714a2b4

SHA512
e3cef564ff01df3506ab4f7880fb679233a98edf3edf9a98eabd2ab833d1c62662e0d992de69290b3101863199c27833af271b680a9ae81e2ad45fa6171efa9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe

Filesize
184KB

MD5
c56655ecf2d1ea47483337a0ac1297b1

SHA1
7978dd8ed14c12adc5bfd80700f67d90f504e9d4

SHA256
26ef0ecab6e20a6cf2d5975fe20440eabd78ad5f263bef83004f9fada7500bdc

SHA512
0a50a26c16d0b4ade505da1ae71cf8f2e049fee5b0a01b6ac0395607ee4e999a2603680902a00a5c0c3a381bf3178e39b64571ae21456903413cdb446926986e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe

Filesize
184KB

MD5
cbbb470dc3da89dda3db7920d9fc008a

SHA1
0174c9e62e8793c2c8bed9316c0a749e94c8d415

SHA256
10613a70ea187d753fab8cf935a028500f8e259542b25cd3004e3d255691016c

SHA512
a9f57a1b9213014fe79d516ef19c7f8d9022e23613823bbc321c35f0fba6d9a666d0d5a07dd9c45940148cefc2c006e56ec45c9b182f92cc8298e3b0c2204dc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe

Filesize
184KB

MD5
2cfd91a74427d06669a076f0f3ee5004

SHA1
e1a69d1df6b6350d46d462bcc7d222743d3f7791

SHA256
30483d9a784d66f56b2812347428ed82021a155cd26aea196cf2a442b8100bc3

SHA512
5c9eea50c9a1684ee7ce57777603fee45c82ce1de62110cfd2400e7321940ce25b32fa1f330857b236467bc2a0569fb74dbd3894b5f77bb96814777da2f1b54a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe

Filesize
184KB

MD5
3a5a8c52bc7b5f33f7233b499930f623

SHA1
dac9eaa7e646c5a64624daa8d7ac7ef2645afa5e

SHA256
518376978d79f0574f35b5d767aa543c82ed585848894e626c466cb33de4d670

SHA512
4b0b533c9ca983489be67b1833db24b2c50f4d2808f3a0d741deabc4ad49daedff1ef775116705fc4af7874aa9d3f06a58fb5f2d00b3d96e2977fe692d968e26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23226.exe

Filesize
184KB

MD5
f8d1c9d804784d0025d89b2bd00304e5

SHA1
4ccaa1e67fd2a225446484e1028d32fd272a0dfc

SHA256
3342a0fdb48af37196e60d7038e08ae8e373baef2fd4a2b64f703cecd82bdb67

SHA512
79467a41391d9d4e64571b125ea8365505bdd9b4f479f89015034712c687ed6a7a452b140cace2ac2df6488025368973948f5ee74c35182d3640a265e8e873a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe

Filesize
184KB

MD5
78f552b2797d4f47c605a7f748592956

SHA1
ddfc574a0b5b12aac4b8985c842eeb458fa90ca0

SHA256
e789b7e384986fcde683e4ef0862867c2d57e83dd6a8f83b9437617b0454c21b

SHA512
3a4d382b21890a10e08773112b42de8234e6d98eb49706faf673c5434bacadff1b5b315e7bbab02dee229668c926f7ec540dc576c8e11598d3be3780e69cdbc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe

Filesize
184KB

MD5
90a439862d7283121e300855e6ba1ca5

SHA1
c6dfae08c44b822708bd309f463fd866a28aea01

SHA256
ac2f5fd32bf377d873cd889448cb4d54941d07f0152beab78e61eeda0c9c6426

SHA512
cd98b8a98312ee9046df532923bda55476eabf4346bed3fe3dcaafc9b915fbdc47e96e39ae5f21b7d50ea388eb4a6d439db0ce7d765c9142db7e1d50fcda6597

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2863.exe

Filesize
184KB

MD5
969d1ac7f6a490c54e03a40f5728ceaf

SHA1
74c3cf91afbdafb396e1594aa1667cf4bd155985

SHA256
c1d009061519dc7e84b3f61deb2d537c5d16a53c7f8b91cbd9c1428b7c89dfe1

SHA512
20eb8fdec7cff76d95848fb7d98bec6ea11b5fab49c7b1eccc89bb1a6322ec563f73d82858209717c358c6b5bad175f4ecc50fd55545eee2d16a434e5d6219cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe

Filesize
184KB

MD5
5ccb6f3f6c99b1217b6aff27c0878219

SHA1
6b3c08db4ccee923f70669b4a7d5478a22c88a0f

SHA256
cafda045ec03d5a518df1b6d0584f605a986bc8ac478e469a0d75ecbf10f7bad

SHA512
a4a7ab74046f07f02938ab1ccecab7b355deff57c2a37e84238bcab4f25741ebfd857e5dac14791e848723e0f1a058f16dfaa30bf05222b0f195dea1da821f64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe

Filesize
184KB

MD5
6e93436af1f396e41902df073b17ad79

SHA1
c49831e99130a53706151ff345d317f356b0c837

SHA256
62369f857c4f86ade1312c1f9bc93bae18ddf77ec3dc751f928661e6660b81c7

SHA512
f7ad440fa2735204532f07f857cc6b6fc4ae11a794af4d98145e9fd3cae4f0ed0a05c8546b1cc8cf1156f717418eee14d9f88dd7d949002a0350d5629218d6a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34353.exe

Filesize
184KB

MD5
077ae4c35442468a5d72f6f87411ed28

SHA1
f1f53a57d1f864228f009b088302feefea74a520

SHA256
01404083c8dd861d261b21590b6d8ffe5c9a2ade6ca5b7d5d999d1b1f1a65713

SHA512
3c9c2a86568c32620630cbb1039e6abddaaa677a546a7254ee116c6d1be3b70aeb11d602c41acc9bf91c982ff0952e39470e850ab58f302e7af5f918eece14df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34418.exe

Filesize
184KB

MD5
839ca55501c9887f671fe79cee3a00b3

SHA1
79bf06699615fa2b025c500ab9325a7b3b205a95

SHA256
03a465df820fc1760c2912945068f24d9f669365d545b8de146eda4f7ff48160

SHA512
0742bd5323ea26840219f33fab04f99b83a5dae95d02b4562c419cdda19fddcf0aabdd743ec5f2fe748c4c133a73dafa0e9764b5b272e55a90b0c11e1b242d2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe

Filesize
184KB

MD5
5476d6338eebe4f862959687d555554a

SHA1
50dacc8eb961f3939caff5e669815d0df5c8cebc

SHA256
94b5259e8a0309a0d5c6c69414b8ed1e80b56b591a0724cc9bc6b06a3068e2b9

SHA512
f9954e6ddad96e86c2f5102002383b7d4b5ca1280c1fd82588274c17b66131d5dc367061d1a66523c9de42e91e18fabc107b4da6954abda8959357ae2bcdbe58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe

Filesize
184KB

MD5
73a6563c111c05a7039888dfc7b731e2

SHA1
c52badc99f55470b1675b2d5b5926e10ca84817f

SHA256
e0e7b2aaacd929c49b2b3d77610090bb55dbe8ff3af6bf9d80250902ceccce83

SHA512
9389b7cccb33f4e3bbf4f10657d95069b6ed8d5ada13f296a371a7f1a4d34013c5ebcf04d5285ef112adf2e832060b1f4004a6a3f671029703628fabb940fec9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39008.exe

Filesize
184KB

MD5
b7889506b8017c7f0938ebde94a314b5

SHA1
45ff56b73a03a3daa1f5b15852c1b3d718ce1183

SHA256
0e13eb747211be499331f79a3785be8d41e857e910e6f613586d90e5e1715ed3

SHA512
aeb960a103d7b671e93699aa5022f092265321e08ce932658de445ad4a218b6893be4d654e1bd4de30e69859abdacffd1e9cd9489bba8d13869177a7677298f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40928.exe

Filesize
184KB

MD5
283d1baa2dca41744f82cb973ec0f0c8

SHA1
502d7451ebae790015d912279e12e16063a8420e

SHA256
d8d26162e252d2c661d4aba7e168a006894764d4d771ec4bdaa842ec29ed3b37

SHA512
e95e0dc8de880aa462eb5d5e76cb8b5d18b46aafff851965c568d266a77271e013ee60442cee25b1ed195466e5eb3e389c755e44fa1eae346a8b02034f7cdb96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41046.exe

Filesize
184KB

MD5
d20d2c866e36b0c9263aa8c2ea7a599a

SHA1
f0e2619337a5b53e3a6ea5957d9d3566ff5f1c6b

SHA256
7416bedfec79bde1603bf2b9c35660f32137abe34c4df488d5df5b9687f50f36

SHA512
41744883c1ffdd63795891ed608791181de418a1afe6bbafee671cd089bceb6efc8eafb38280f3782f7ffba9694ab4ad95ad948ae3e9c6b86aeae2d9726c891f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe

Filesize
184KB

MD5
a3e691b3b3dd8fc83e87364d9377e7bc

SHA1
1c9c28b6ea60daa8744ef16729ce2bf87ada861b

SHA256
05e5de20b19e84d3b9a1ca3c1eb9449b62fb4560b329409a63ae6452d6bede4c

SHA512
c3e509ef5fbbb45850ffcf3530df783d0247f9cb8acba5b8a3368dd2e4d78d3634c546b63e4d1fce7f1c690a70885587718c8d9f617982b108af115e060c1c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe

Filesize
184KB

MD5
0cf395a116cbb1cbedb21bd481e2bee8

SHA1
b19c09f0552f0197cb8c4bbce4a7093e9b61a3cf

SHA256
a19ad7bdbc31f3af7cd79ef72f38313b674c043dee102a9af92f8f54b8736c3d

SHA512
ff9ced394296dee5d52a59d3d24e02e43404cfc0c92b30cc100206fd66f5ee193fd6d0fa2f265965a7c44b11aad45e0740e0498609499a50a99feccbbb44529f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50471.exe

Filesize
184KB

MD5
9aa9d38afc3ad365ee4cfe09ed1be504

SHA1
db75c826ee6d852a44cafc4f1adce082a41f978d

SHA256
eadfef34e84804df39407cc1d54d8cb79aaaaa2823b29b4f9eef4d1be2099073

SHA512
a906c440425da831d917c1b34d08104f224ae8302765a9f9ba1b24843d2e040092a04854666421452b59ef3123885978b7f270afd8b04367825c99a50b1757a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53180.exe

Filesize
184KB

MD5
ca1487068956eb19f8fcb980154b852a

SHA1
9f83ee64c479e3acea371d8a5f090627004cbd7e

SHA256
c5dcbdf8d4d2dc8e00f4e13aade0f795e1c974f380d2c33e36d039e16133003e

SHA512
edd2248e94a00f72529aa941a6bf12327c416c6d65aa244df4a4523330694303b05dbf2070bf4ea04333ba34dc53957fc8164303d399d1b8e57665190261bfe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe

Filesize
184KB

MD5
e70329584e41558cd3d0abd64790efb0

SHA1
7e88c843954370bfa83ae4c7e941ed4a1e54d6df

SHA256
26f89e4131bf50149ca17cd3fd3905811a2c610c01b33ac36c2827c38fe8bf4b

SHA512
7499f915546f541b34ca13d9edd50144e5bb59b93a95b961543ad4901c60ea023ef8869b9fc4246071ba598e64523c98dd6ae142536309d259de26e04b10e1b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe

Filesize
184KB

MD5
8885828fcf0863d61b963f7273f0b8e1

SHA1
6f0db18aaa38daa81fad2b91923c6894ff55f680

SHA256
561a6d81a59a85a34143d2ce3814bbb207b14b8339a827ad8a80246d7a6b4a95

SHA512
dfb490144f9e69dec8caad4f0e94418399a1ca9b70dc5939bbc14ff3447f07ce40e517e26d52dea48d1784efd64eec7ea98d419f9e3448e99fe694cc48d0a925

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe

Filesize
184KB

MD5
b530263d00254684f8bdc3ac1836a297

SHA1
f8cc3ff843551a0454d711337c5877ed8dc3eb9e

SHA256
3fc31b43fa3ee8f6baf4370a3261fa597165a15544ed5f10aecf92c2e989ee17

SHA512
8afb2b2d949d4a9c3a4927b0354c6de9d56f1e45e11dcae21ce2950fa53a7760e591a92d20828a5239ed51509ce2bcb57af4bdaad8ab918cace060c8373d42a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64581.exe

Filesize
184KB

MD5
a1bbea8d61612214fe9d7df420c28422

SHA1
e86239a123577d1b42a4db52786e8996d1ed0fc4

SHA256
40e1b7c568240e1090ab40730f5a60e209cf720e7ec36e9f04fcb0fdd42f3d2e

SHA512
f0ae8acb653a2dd66b108e791c5d271ede4a774fa6ba3b4db5d2132f48c9c5ca6f519739d5081880caedb6818c5dc9db0c1b57f1c541e2537cebac4859864278

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-834.exe

Filesize
184KB

MD5
e3be011af7126b3c7b5da11ad2c29f12

SHA1
8606a01614a91d035370d307beb1e85f2b3641b2

SHA256
91d62db6aff0a9fbe311e7b16432adb9ae778c85f44656d86546e5d90da4a98a

SHA512
4dd5b9202a0f64c64ebaeff00a970b05bd69cde4b45731fbcb6c1b69ef7f6ef07d4fca099673d2023c9621199a49732cfcb2ec46d532fa0e1023fb2455bcdd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9112.exe

Filesize
184KB

MD5
ab56617e238b0c05a1866d45bd3f77f4

SHA1
f5057556eb47f4a9e2a1646a9d25d856f0804e90

SHA256
d04e880d638d069d57875258f28d542a8558750f6576828e38dfe091dddd24b3

SHA512
38594024e1369075bf6fe692065a614c37a3a95340b5df6a7eb086d3c6e290bafd31ec806b0bc9fe1bc4d8a2446eb0e353e5d04d1421aecf2a6f7526e98f0b70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe

Filesize
184KB

MD5
6a48520ab89a95b3b276328355683caf

SHA1
697620c15988591b7094b7bbd9bfa96fb85c13d6

SHA256
0ab4d226729cb5e2ff5fc80cd8ea4c17baccc5824a91d7879e6145cde860c877

SHA512
943f6259123bde392ae5c30fabf90b5e8125884e2c29cc4c73de8b9f7eef95fb73485ccbecd127bbc2b9419b14e72bbe262c44564a5e68a522df07c76e2412ef

Download Submit
memory/4832-2741-0x0000000076470000-0x0000000076495000-memory.dmp

Filesize
148KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads