7567fb3d77221f164acbf04a9dd16135432ab61039f509b1ebad6159bda63804

Analysis

max time kernel
54s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8eff8b4972baca9ef60f0caf2ee35990_NeikiAnalytics.exe
Size

468KB
MD5

8eff8b4972baca9ef60f0caf2ee35990
SHA1

cf47314e749ada8c3c8f5cfe50be9733a30268bf
SHA256

7567fb3d77221f164acbf04a9dd16135432ab61039f509b1ebad6159bda63804
SHA512

a19b742f62009a09ffe6d0251f864e24c48fd129fc81936accaa77a0de6fdeb2d5fa13b29aa7bc7650b36cc850d1b293cca1fbf04dc75367f70e19c4ad29ec51
SSDEEP

3072:tbACogIdh05YtbYJPzcjff8/EChyPaplnmH3xEhg+DxLcZ7uCgEA:tb1o58YtOP4jffPSqv+Dtk7uC

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4976	Unicorn-30301.exe
4256	Unicorn-41261.exe
3852	Unicorn-21203.exe
2976	Unicorn-53269.exe
3920	Unicorn-25043.exe
732	Unicorn-12236.exe
2088	Unicorn-37744.exe
4100	Unicorn-56074.exe
3844	Unicorn-36016.exe
3688	Unicorn-56266.exe
3632	Unicorn-29562.exe
3728	Unicorn-56266.exe
4280	Unicorn-26224.exe
3524	Unicorn-56296.exe
2384	Unicorn-45825.exe
4400	Unicorn-42722.exe
2576	Unicorn-58098.exe
3092	Unicorn-21512.exe
4996	Unicorn-19295.exe
4000	Unicorn-40330.exe
4940	Unicorn-27480.exe
2772	Unicorn-4320.exe
3928	Unicorn-41674.exe
3876	Unicorn-57626.exe
1968	Unicorn-25338.exe
2036	Unicorn-34583.exe
432	Unicorn-31783.exe
1868	Unicorn-24186.exe
3804	Unicorn-33049.exe
3564	Unicorn-61274.exe
1600	Unicorn-35618.exe
4860	Unicorn-56785.exe
3016	Unicorn-43594.exe
4572	Unicorn-23728.exe
2908	Unicorn-25250.exe
4456	Unicorn-33921.exe
4740	Unicorn-3167.exe
1008	Unicorn-32842.exe
2244	Unicorn-59768.exe
4172	Unicorn-24866.exe
3572	Unicorn-21528.exe
1712	Unicorn-35914.exe
3164	Unicorn-22074.exe
4196	Unicorn-29282.exe
3604	Unicorn-12945.exe
3136	Unicorn-46770.exe
876	Unicorn-21114.exe
3768	Unicorn-46770.exe
2124	Unicorn-21498.exe
4600	Unicorn-46770.exe
452	Unicorn-42664.exe
5232	Unicorn-25472.exe
5260	Unicorn-45914.exe
5292	Unicorn-28616.exe
5340	Unicorn-25280.exe
5248	Unicorn-45338.exe
5392	Unicorn-36594.exe
5308	Unicorn-45152.exe
5348	Unicorn-28810.exe
5428	Unicorn-20258.exe
5440	Unicorn-3921.exe
5456	Unicorn-10672.exe
5484	Unicorn-19224.exe
5496	Unicorn-38825.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
3828	3632	WerFault.exe	104
4036	4196	WerFault.exe	143
10396	8680	WerFault.exe	369
16780	17444	WerFault.exe	911
7608	15660	WerFault.exe	752

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5004	8eff8b4972baca9ef60f0caf2ee35990_NeikiAnalytics.exe
4976	Unicorn-30301.exe
4256	Unicorn-41261.exe
3852	Unicorn-21203.exe
2976	Unicorn-53269.exe
3920	Unicorn-25043.exe
732	Unicorn-12236.exe
2088	Unicorn-37744.exe
4100	Unicorn-56074.exe
3844	Unicorn-36016.exe
3688	Unicorn-56266.exe
3728	Unicorn-56266.exe
4280	Unicorn-26224.exe
2384	Unicorn-45825.exe
3524	Unicorn-56296.exe
4400	Unicorn-42722.exe
2576	Unicorn-58098.exe
4996	Unicorn-19295.exe
3092	Unicorn-21512.exe
4940	Unicorn-27480.exe
4000	Unicorn-40330.exe
2772	Unicorn-4320.exe
3876	Unicorn-57626.exe
3928	Unicorn-41674.exe
1968	Unicorn-25338.exe
2036	Unicorn-34583.exe
432	Unicorn-31783.exe
3804	Unicorn-33049.exe
1868	Unicorn-24186.exe
3564	Unicorn-61274.exe
4860	Unicorn-56785.exe
3016	Unicorn-43594.exe
4572	Unicorn-23728.exe
1600	Unicorn-35618.exe
4740	Unicorn-3167.exe
4456	Unicorn-33921.exe
1008	Unicorn-32842.exe
2244	Unicorn-59768.exe
3572	Unicorn-21528.exe
4172	Unicorn-24866.exe
1712	Unicorn-35914.exe
3164	Unicorn-22074.exe
3604	Unicorn-12945.exe
876	Unicorn-21114.exe
3136	Unicorn-46770.exe
2124	Unicorn-21498.exe
4196	Unicorn-29282.exe
4600	Unicorn-46770.exe
3768	Unicorn-46770.exe
452	Unicorn-42664.exe
5220	Unicorn-13049.exe
5232	Unicorn-25472.exe
5260	Unicorn-45914.exe
5392	Unicorn-36594.exe
5308	Unicorn-45152.exe
5348	Unicorn-28810.exe
5292	Unicorn-28616.exe
5428	Unicorn-20258.exe
5248	Unicorn-45338.exe
5340	Unicorn-25280.exe
5440	Unicorn-3921.exe
5484	Unicorn-19224.exe
5456	Unicorn-10672.exe
5512	Unicorn-13168.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 4976	5004	8eff8b4972baca9ef60f0caf2ee35990_NeikiAnalytics.exe	90
PID 5004 wrote to memory of 4976	5004	8eff8b4972baca9ef60f0caf2ee35990_NeikiAnalytics.exe	90
PID 5004 wrote to memory of 4976	5004	8eff8b4972baca9ef60f0caf2ee35990_NeikiAnalytics.exe	90
PID 4976 wrote to memory of 4256	4976	Unicorn-30301.exe	91
PID 4976 wrote to memory of 4256	4976	Unicorn-30301.exe	91
PID 4976 wrote to memory of 4256	4976	Unicorn-30301.exe	91
PID 5004 wrote to memory of 3852	5004	8eff8b4972baca9ef60f0caf2ee35990_NeikiAnalytics.exe	92
PID 5004 wrote to memory of 3852	5004	8eff8b4972baca9ef60f0caf2ee35990_NeikiAnalytics.exe	92
PID 5004 wrote to memory of 3852	5004	8eff8b4972baca9ef60f0caf2ee35990_NeikiAnalytics.exe	92
PID 4256 wrote to memory of 2976	4256	Unicorn-41261.exe	93
PID 4256 wrote to memory of 2976	4256	Unicorn-41261.exe	93
PID 4256 wrote to memory of 2976	4256	Unicorn-41261.exe	93
PID 4976 wrote to memory of 3920	4976	Unicorn-30301.exe	94
PID 4976 wrote to memory of 3920	4976	Unicorn-30301.exe	94
PID 4976 wrote to memory of 3920	4976	Unicorn-30301.exe	94
PID 3852 wrote to memory of 732	3852	Unicorn-21203.exe	95
PID 3852 wrote to memory of 732	3852	Unicorn-21203.exe	95
PID 3852 wrote to memory of 732	3852	Unicorn-21203.exe	95
PID 5004 wrote to memory of 2088	5004	8eff8b4972baca9ef60f0caf2ee35990_NeikiAnalytics.exe	96
PID 5004 wrote to memory of 2088	5004	8eff8b4972baca9ef60f0caf2ee35990_NeikiAnalytics.exe	96
PID 5004 wrote to memory of 2088	5004	8eff8b4972baca9ef60f0caf2ee35990_NeikiAnalytics.exe	96
PID 2976 wrote to memory of 4100	2976	Unicorn-53269.exe	100
PID 2976 wrote to memory of 4100	2976	Unicorn-53269.exe	100
PID 2976 wrote to memory of 4100	2976	Unicorn-53269.exe	100
PID 4256 wrote to memory of 3844	4256	Unicorn-41261.exe	101
PID 4256 wrote to memory of 3844	4256	Unicorn-41261.exe	101
PID 4256 wrote to memory of 3844	4256	Unicorn-41261.exe	101
PID 2088 wrote to memory of 3688	2088	Unicorn-37744.exe	103
PID 2088 wrote to memory of 3688	2088	Unicorn-37744.exe	103
PID 2088 wrote to memory of 3688	2088	Unicorn-37744.exe	103
PID 732 wrote to memory of 3632	732	Unicorn-12236.exe	104
PID 732 wrote to memory of 3632	732	Unicorn-12236.exe	104
PID 732 wrote to memory of 3632	732	Unicorn-12236.exe	104
PID 3920 wrote to memory of 3728	3920	Unicorn-25043.exe	102
PID 3920 wrote to memory of 3728	3920	Unicorn-25043.exe	102
PID 3920 wrote to memory of 3728	3920	Unicorn-25043.exe	102
PID 3852 wrote to memory of 4280	3852	Unicorn-21203.exe	106
PID 3852 wrote to memory of 4280	3852	Unicorn-21203.exe	106
PID 3852 wrote to memory of 4280	3852	Unicorn-21203.exe	106
PID 4976 wrote to memory of 3524	4976	Unicorn-30301.exe	105
PID 4976 wrote to memory of 3524	4976	Unicorn-30301.exe	105
PID 4976 wrote to memory of 3524	4976	Unicorn-30301.exe	105
PID 5004 wrote to memory of 2384	5004	8eff8b4972baca9ef60f0caf2ee35990_NeikiAnalytics.exe	107
PID 5004 wrote to memory of 2384	5004	8eff8b4972baca9ef60f0caf2ee35990_NeikiAnalytics.exe	107
PID 5004 wrote to memory of 2384	5004	8eff8b4972baca9ef60f0caf2ee35990_NeikiAnalytics.exe	107
PID 4100 wrote to memory of 4400	4100	Unicorn-56074.exe	112
PID 4100 wrote to memory of 4400	4100	Unicorn-56074.exe	112
PID 4100 wrote to memory of 4400	4100	Unicorn-56074.exe	112
PID 3844 wrote to memory of 2576	3844	Unicorn-36016.exe	113
PID 3844 wrote to memory of 2576	3844	Unicorn-36016.exe	113
PID 3844 wrote to memory of 2576	3844	Unicorn-36016.exe	113
PID 2976 wrote to memory of 3092	2976	Unicorn-53269.exe	114
PID 2976 wrote to memory of 3092	2976	Unicorn-53269.exe	114
PID 2976 wrote to memory of 3092	2976	Unicorn-53269.exe	114
PID 4256 wrote to memory of 4996	4256	Unicorn-41261.exe	115
PID 4256 wrote to memory of 4996	4256	Unicorn-41261.exe	115
PID 4256 wrote to memory of 4996	4256	Unicorn-41261.exe	115
PID 3688 wrote to memory of 4000	3688	Unicorn-56266.exe	116
PID 3688 wrote to memory of 4000	3688	Unicorn-56266.exe	116
PID 3688 wrote to memory of 4000	3688	Unicorn-56266.exe	116
PID 2088 wrote to memory of 4940	2088	Unicorn-37744.exe	117
PID 2088 wrote to memory of 4940	2088	Unicorn-37744.exe	117
PID 2088 wrote to memory of 4940	2088	Unicorn-37744.exe	117
PID 3920 wrote to memory of 2772	3920	Unicorn-25043.exe	119

C:\Users\Admin\AppData\Local\Temp\8eff8b4972baca9ef60f0caf2ee35990_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8eff8b4972baca9ef60f0caf2ee35990_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41261.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53269.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
        9⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4745.exe
        10⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
        11⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36112.exe
        10⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        10⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27145.exe
        10⤵
        
        PID:17324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11271.exe
        9⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        10⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        10⤵
        
        PID:15916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
        10⤵
        
        PID:17716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        9⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
        10⤵
        
        PID:17492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
        9⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
        9⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
        8⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31258.exe
        9⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
        10⤵
        
        PID:15864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26792.exe
        9⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        9⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1192.exe
        9⤵
        
        PID:16464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
        8⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        9⤵
        
        PID:18032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37719.exe
        8⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60129.exe
        8⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43298.exe
        8⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        8⤵
        
        PID:15416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
        8⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25472.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
        8⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
        9⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13927.exe
        9⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
        9⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        9⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        8⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        8⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10287.exe
        8⤵
        
        PID:14412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46344.exe
        8⤵
        
        PID:18112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        7⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29634.exe
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
        8⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        8⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34905.exe
        8⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
        8⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
        7⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
        8⤵
        
        PID:17700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        8⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        8⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        7⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
        8⤵
        
        PID:17524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3609.exe
        7⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
        7⤵
        
        PID:17572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
        7⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45914.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10953.exe
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5705.exe
        9⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        9⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        9⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
        9⤵
        
        PID:16568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        8⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
        8⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
        8⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        8⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        7⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
        8⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        9⤵
        
        PID:16824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        8⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32137.exe
        8⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62128.exe
        7⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        8⤵
        
        PID:17992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
        8⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39953.exe
        7⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
        7⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
        7⤵
        
        PID:16516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42472.exe
        6⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        8⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        7⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61224.exe
        7⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        7⤵
        
        PID:16252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
        6⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50658.exe
        8⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30576.exe
        7⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9481.exe
        7⤵
        
        PID:17788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        7⤵
        
        PID:9692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        6⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
        6⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
        6⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
        6⤵
        
        PID:17924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53897.exe
        6⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21512.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
        6⤵
        Executes dropped EXE
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20386.exe
        8⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
        9⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        9⤵
        
        PID:16332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
        8⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        9⤵
        
        PID:17400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        8⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37671.exe
        8⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        8⤵
        
        PID:17508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        8⤵
        
        PID:16736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
        7⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        8⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        8⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12143.exe
        8⤵
        
        PID:18044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8680.exe
        8⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44978.exe
        8⤵
        
        PID:17660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4096.exe
        7⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61042.exe
        8⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        8⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        7⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        8⤵
        
        PID:18424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22359.exe
        8⤵
        
        PID:17928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        7⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
        7⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28736.exe
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        7⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53730.exe
        8⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
        8⤵
        
        PID:18284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
        7⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
        7⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        7⤵
        
        PID:18256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
        7⤵
        
        PID:18264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
        7⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe
        7⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        6⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60504.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26128.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        6⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3167.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45338.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13561.exe
        7⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59538.exe
        8⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46633.exe
        8⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5136.exe
        8⤵
        
        PID:16592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36000.exe
        7⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15655.exe
        7⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12240.exe
        7⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9344.exe
        6⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24810.exe
        8⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        7⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
        7⤵
        
        PID:18172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
        6⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe
        7⤵
        
        PID:16428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8647.exe
        6⤵
        
        PID:12784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        6⤵
        
        PID:16872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63738.exe
        7⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30159.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44313.exe
        7⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        7⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        6⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        7⤵
        
        PID:18376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5640.exe
        7⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
        6⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        6⤵
        
        PID:11832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        6⤵
        
        PID:14260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        6⤵
        
        PID:18400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe
        5⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        6⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
        6⤵
        
        PID:17928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35329.exe
        6⤵
        
        PID:18268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
        5⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
        6⤵
        
        PID:15776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
        6⤵
        
        PID:18364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
        6⤵
        
        PID:16284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20105.exe
        5⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
        5⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
        5⤵
        
        PID:14880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
        5⤵
        
        PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36016.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58098.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59002.exe
        8⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64226.exe
        9⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5017.exe
        10⤵
        
        PID:17468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31680.exe
        10⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
        9⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
        9⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
        9⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        8⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        9⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        9⤵
        
        PID:15604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
        9⤵
        
        PID:18080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
        8⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
        8⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        8⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
        8⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49041.exe
        7⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        8⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        9⤵
        
        PID:17428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
        8⤵
        
        PID:13388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1192.exe
        8⤵
        
        PID:16444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
        7⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23258.exe
        8⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38696.exe
        8⤵
        
        PID:18404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
        7⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        7⤵
        
        PID:16864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28736.exe
        6⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
        8⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57073.exe
        7⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        7⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
        7⤵
        
        PID:16764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64224.exe
        6⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52330.exe
        7⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        8⤵
        
        PID:17880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5520.exe
        7⤵
        
        PID:17712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
        6⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
        6⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
        6⤵
        
        PID:13684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41007.exe
        6⤵
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42104.exe
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        7⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        7⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
        7⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
        7⤵
        
        PID:17336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
        7⤵
        
        PID:18000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
        6⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        7⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
        7⤵
        
        PID:17048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38305.exe
        6⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
        6⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
        6⤵
        
        PID:15108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20737.exe
        6⤵
        
        PID:17448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39824.exe
        6⤵
        
        PID:17472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        5⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        6⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
        6⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6008.exe
        6⤵
        
        PID:18276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53457.exe
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23160.exe
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
        6⤵
        
        PID:15232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
        6⤵
        
        PID:16452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60672.exe
        5⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
        6⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        6⤵
        
        PID:16624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24280.exe
        5⤵
        
        PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49354.exe
        5⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10504.exe
        5⤵
        
        PID:18012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15690.exe
        5⤵
        
        PID:8580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35618.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28810.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20274.exe
        7⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        8⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        8⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8975.exe
        8⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
        8⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37816.exe
        7⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5105.exe
        8⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        8⤵
        
        PID:17324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24375.exe
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        7⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
        7⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        7⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        7⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29423.exe
        7⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32817.exe
        7⤵
        
        PID:16784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
        6⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        7⤵
        
        PID:11000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
        6⤵
        
        PID:64
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        6⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        6⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        6⤵
        
        PID:14144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43185.exe
        6⤵
        
        PID:15944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
        6⤵
        
        PID:17072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        6⤵
        
        PID:10084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-208.exe
        6⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62312.exe
        6⤵
        
        PID:17212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
        6⤵
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
        5⤵
        
        PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20713.exe
        5⤵
        
        PID:15276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56767.exe
        5⤵
        
        PID:17476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33921.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3921.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14345.exe
        6⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45474.exe
        7⤵
        
        PID:18408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51384.exe
        7⤵
        
        PID:18320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        6⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        6⤵
        
        PID:16092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43488.exe
        6⤵
        
        PID:18016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
        5⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31234.exe
        6⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        6⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
        5⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50904.exe
        5⤵
        
        PID:11504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
        5⤵
        
        PID:14192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18713.exe
        5⤵
        
        PID:15668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39672.exe
      4⤵
      PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
        5⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        5⤵
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
        5⤵
        
        PID:13916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        5⤵
        
        PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14608.exe
      4⤵
      PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47977.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
        5⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
        5⤵
        
        PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6673.exe
        5⤵
        
        PID:15976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39503.exe
      4⤵
      PID:8600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40256.exe
      4⤵
      PID:12820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19208.exe
      4⤵
      PID:17084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57626.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24098.exe
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65082.exe
        8⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
        9⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        9⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29463.exe
        9⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
        8⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29463.exe
        9⤵
        
        PID:18328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        8⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        8⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43488.exe
        8⤵
        
        PID:17412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
        7⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27442.exe
        8⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46633.exe
        8⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
        8⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55713.exe
        7⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
        7⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
        6⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        7⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8064.exe
        7⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        7⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        7⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10688.exe
        7⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        6⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
        7⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        7⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        7⤵
        
        PID:17456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
        7⤵
        
        PID:18000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64793.exe
        7⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        6⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41007.exe
        6⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36610.exe
        6⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10448.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19615.exe
        7⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        7⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38392.exe
        6⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        7⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        7⤵
        
        PID:18332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52641.exe
        6⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
        6⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        5⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53370.exe
        6⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40736.exe
        6⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        6⤵
        
        PID:11892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        6⤵
        
        PID:15656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        5⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        6⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56721.exe
        6⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62312.exe
        6⤵
        
        PID:17064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
        6⤵
        
        PID:17540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29743.exe
        5⤵
        
        PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
        5⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10161.exe
        5⤵
        
        PID:16316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4320.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 636
        6⤵
        Program crash
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36152.exe
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        6⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32184.exe
        6⤵
        
        PID:11732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
        6⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
        6⤵
        
        PID:17560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
        6⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        6⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-344.exe
        5⤵
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34567.exe
        5⤵
        
        PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe
        5⤵
        
        PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
        5⤵
        
        PID:17664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15471.exe
      4⤵
      PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45866.exe
        5⤵
        
        PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16896.exe
        5⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11447.exe
        5⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34633.exe
        5⤵
        
        PID:15588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26663.exe
        5⤵
        
        PID:17980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53177.exe
      4⤵
      PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
        5⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe
        5⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12728.exe
        5⤵
        
        PID:18068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59690.exe
        5⤵
        
        PID:9796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
      4⤵
      PID:8828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
      4⤵
      PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24465.exe
      4⤵
      PID:13772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
      4⤵
      PID:16544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56296.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53370.exe
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
        7⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        7⤵
        
        PID:16208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
        6⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54194.exe
        7⤵
        
        PID:15020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55320.exe
        6⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
        7⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        7⤵
        
        PID:18136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42768.exe
        6⤵
        
        PID:14300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1648.exe
        6⤵
        
        PID:15700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        6⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        6⤵
        
        PID:11560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        6⤵
        
        PID:14176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        6⤵
        
        PID:16720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        5⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
        6⤵
        
        PID:16436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
        5⤵
        
        PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        5⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3648.exe
        5⤵
        
        PID:15256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        5⤵
        
        PID:17692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        5⤵
        
        PID:18060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        5⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39314.exe
        6⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        6⤵
        
        PID:18344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32184.exe
        5⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20487.exe
        5⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        5⤵
        
        PID:17260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53648.exe
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45306.exe
        5⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        5⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
        5⤵
        
        PID:13932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39432.exe
        5⤵
        
        PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
      4⤵
      PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        5⤵
        
        PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        5⤵
        
        PID:8012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
      4⤵
      PID:10560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
      4⤵
      PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
      4⤵
      PID:15684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33049.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23330.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        6⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56818.exe
        7⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29984.exe
        6⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
        6⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12055.exe
        6⤵
        
        PID:17656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        5⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63249.exe
        6⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        6⤵
        
        PID:18036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
        6⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
        5⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
        5⤵
        
        PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        5⤵
        
        PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21240.exe
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
        5⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28199.exe
        5⤵
        
        PID:17412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
      4⤵
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        5⤵
        
        PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        5⤵
        
        PID:15928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63961.exe
      4⤵
      PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        5⤵
        
        PID:18072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
      4⤵
      PID:11368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
      4⤵
      PID:14184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44562.exe
      4⤵
      PID:6564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
        5⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        5⤵
        
        PID:14152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26849.exe
        5⤵
        
        PID:15696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
      4⤵
      PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        5⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
        5⤵
        
        PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
      4⤵
      PID:9304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26057.exe
      4⤵
      PID:13108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
      4⤵
      PID:16004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
    3⤵
    PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
      4⤵
      PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        5⤵
        
        PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13072.exe
      4⤵
      PID:10412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26735.exe
      4⤵
      PID:13804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62008.exe
      4⤵
      PID:7448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
      4⤵
      PID:18152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
    3⤵
    PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49321.exe
      4⤵
      PID:15096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-719.exe
      4⤵
      PID:15704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6831.exe
    3⤵
    PID:3352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56016.exe
    3⤵
    PID:6192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19833.exe
    3⤵
    PID:18020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
    3⤵
    PID:15940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12236.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29562.exe
      4⤵
      Executes dropped EXE
      PID:3632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 212
        5⤵
        Program crash
        
        PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10672.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30978.exe
        5⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13465.exe
        6⤵
        
        PID:15828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59713.exe
        5⤵
        
        PID:15524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
        5⤵
        
        PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15009.exe
        5⤵
        
        PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64224.exe
      4⤵
      PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60864.exe
        5⤵
        
        PID:16508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22545.exe
      4⤵
      PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55650.exe
        5⤵
        
        PID:15576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
        5⤵
        
        PID:9424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56305.exe
      4⤵
      PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
      4⤵
      PID:15504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26224.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28560.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        7⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
        7⤵
        
        PID:15840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
        6⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48833.exe
        7⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        7⤵
        
        PID:18052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
        7⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7033.exe
        7⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44160.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33320.exe
        6⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13313.exe
        6⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23903.exe
        6⤵
        
        PID:17500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
        6⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
        5⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21154.exe
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
        7⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61442.exe
        8⤵
        
        PID:17444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17444 -s 68
        9⤵
        Program crash
        
        PID:16780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46633.exe
        7⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        7⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41480.exe
        6⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        6⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
        6⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        6⤵
        
        PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
        5⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        6⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6673.exe
        7⤵
        
        PID:15452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        6⤵
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        6⤵
        
        PID:11728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
        6⤵
        
        PID:16476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
        5⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        5⤵
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        5⤵
        
        PID:14848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2952.exe
        5⤵
        
        PID:10064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
      4⤵
      PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
        5⤵
        
        PID:12920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        5⤵
        
        PID:16456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27168.exe
        5⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24137.exe
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23471.exe
        5⤵
        
        PID:14236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44257.exe
      4⤵
      PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        5⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        5⤵
        
        PID:616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
      4⤵
      PID:8988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
      4⤵
      PID:13412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58594.exe
      4⤵
      PID:16404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21114.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55530.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24784.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        6⤵
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34633.exe
        6⤵
        
        PID:15720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11967.exe
        6⤵
        
        PID:18188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34231.exe
        6⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27359.exe
        5⤵
        
        PID:10192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        5⤵
        
        PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        5⤵
        
        PID:15912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
      4⤵
      PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        5⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        5⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10512.exe
        5⤵
        
        PID:16884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2527.exe
      4⤵
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
        5⤵
        
        PID:11516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63273.exe
        5⤵
        
        PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19463.exe
      4⤵
      PID:8560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
      4⤵
      PID:11912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
      4⤵
      PID:14892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
      4⤵
      PID:18176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38825.exe
    3⤵
    - Executes dropped EXE
    PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29514.exe
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20810.exe
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46721.exe
        5⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        5⤵
        
        PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
      4⤵
      PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46330.exe
        5⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        5⤵
        
        PID:18188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
      4⤵
      PID:10468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-696.exe
      4⤵
      PID:14080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26559.exe
      4⤵
      PID:17220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
    3⤵
    PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36482.exe
      4⤵
      PID:11572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
      4⤵
      PID:13408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
      4⤵
      PID:15484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
      4⤵
      PID:16588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
      4⤵
      PID:17792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35880.exe
    3⤵
    PID:8780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
      4⤵
      PID:13472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
      4⤵
      PID:16700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24665.exe
      4⤵
      PID:17800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
    3⤵
    PID:4068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
    3⤵
    PID:13700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31728.exe
    3⤵
    PID:12712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40330.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5265.exe
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46162.exe
        7⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        7⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        7⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
        7⤵
        
        PID:16704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20208.exe
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1817.exe
        7⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        7⤵
        
        PID:16780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57753.exe
        6⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26239.exe
        6⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
        6⤵
        
        PID:16552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe
        6⤵
        
        PID:15484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
        5⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        6⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3688.exe
        6⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44144.exe
        6⤵
        
        PID:16340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56305.exe
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        5⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
        5⤵
        
        PID:10032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        6⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
        6⤵
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
        6⤵
        
        PID:14960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59498.exe
        6⤵
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        6⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
        6⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12127.exe
        6⤵
        
        PID:14360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
        6⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64048.exe
        5⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        5⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
        5⤵
        
        PID:13084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62538.exe
        5⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17583.exe
        5⤵
        
        PID:16988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17967.exe
      4⤵
      PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21730.exe
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
        6⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
        6⤵
        
        PID:16364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
        6⤵
        
        PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49848.exe
        5⤵
        
        PID:10660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
        5⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
        5⤵
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        5⤵
        
        PID:16564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39809.exe
      4⤵
      PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
        5⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        5⤵
        
        PID:15924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
      4⤵
      PID:8680
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 464
        5⤵
        Program crash
        
        PID:10396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
      4⤵
      PID:11920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21401.exe
      4⤵
      PID:15848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
      4⤵
      PID:17080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27480.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
        5⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42666.exe
        6⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        7⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47762.exe
        8⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        8⤵
        
        PID:18012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        7⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        7⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
        7⤵
        
        PID:17344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
        7⤵
        
        PID:17700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        6⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50442.exe
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15032.exe
        7⤵
        
        PID:15992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55320.exe
        6⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47290.exe
        7⤵
        
        PID:15620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
        6⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
        6⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        6⤵
        
        PID:17976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
        6⤵
        
        PID:18312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16176.exe
        5⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1969.exe
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6456.exe
        6⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        6⤵
        
        PID:18088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38392.exe
        5⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        6⤵
        
        PID:15804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27359.exe
        5⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        5⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        5⤵
        
        PID:15688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28736.exe
      4⤵
      PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37114.exe
        6⤵
        
        PID:16016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44945.exe
        6⤵
        
        PID:17360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
        5⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11447.exe
        5⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        5⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23376.exe
        5⤵
        
        PID:17444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
      4⤵
      PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        5⤵
        
        PID:13364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6784.exe
      4⤵
      PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64042.exe
        5⤵
        
        PID:17024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
      4⤵
      PID:11484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
      4⤵
      PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
      4⤵
      PID:7840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13561.exe
        5⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        6⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38656.exe
        6⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5135.exe
        6⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
        6⤵
        
        PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60785.exe
        5⤵
        
        PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63304.exe
        5⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
        5⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
        5⤵
        
        PID:17008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
      4⤵
      PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
        5⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6673.exe
        6⤵
        
        PID:17584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        5⤵
        
        PID:9048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
        5⤵
        
        PID:13812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        5⤵
        
        PID:17944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23015.exe
        5⤵
        
        PID:16432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
      4⤵
      PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
      4⤵
      PID:10232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
      4⤵
      PID:13964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
      4⤵
      PID:15408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
    3⤵
    PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14641.exe
      4⤵
      PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47892.exe
        5⤵
        
        PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        5⤵
        
        PID:18200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21816.exe
      4⤵
      PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
      4⤵
      PID:14240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
      4⤵
      PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11967.exe
      4⤵
      PID:15984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44792.exe
    3⤵
    PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
      4⤵
      PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54218.exe
        5⤵
        
        PID:18076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45033.exe
        5⤵
        
        PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        5⤵
        
        PID:17496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51888.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
      4⤵
      PID:13708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
      4⤵
      PID:16484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39432.exe
      4⤵
      PID:7672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
    3⤵
    PID:7968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20074.exe
      4⤵
      PID:13344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
      4⤵
      PID:16500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55417.exe
      4⤵
      PID:9276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28362.exe
    3⤵
    PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12905.exe
      4⤵
      PID:17968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15152.exe
      4⤵
      PID:17628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28487.exe
    3⤵
    PID:13436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38824.exe
    3⤵
    PID:18000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
        6⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
        7⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13544.exe
        6⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51624.exe
        6⤵
        
        PID:13988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62008.exe
        6⤵
        
        PID:15988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
        6⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16471.exe
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38656.exe
        6⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10615.exe
        6⤵
        
        PID:16812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
        5⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
        6⤵
        
        PID:16372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34095.exe
        5⤵
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26232.exe
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
        5⤵
        
        PID:17076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61346.exe
        5⤵
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
        5⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2816.exe
        5⤵
        
        PID:13996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45304.exe
        5⤵
        
        PID:7720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26263.exe
      4⤵
      PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
        5⤵
        
        PID:12716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61929.exe
        5⤵
        
        PID:17564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46368.exe
        5⤵
        
        PID:8436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7360.exe
      4⤵
      PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
      4⤵
      PID:8576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4032.exe
      4⤵
      PID:15044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
      4⤵
      PID:15636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19122.exe
      4⤵
      PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        5⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        5⤵
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        5⤵
        
        PID:15660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15660 -s 436
        6⤵
        Program crash
        
        PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
      4⤵
      PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6673.exe
        5⤵
        
        PID:17044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
      4⤵
      PID:8544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
      4⤵
      PID:13572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
      4⤵
      PID:17016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
    3⤵
    PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
      4⤵
      PID:10120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
      4⤵
      PID:10632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
      4⤵
      PID:6800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
      4⤵
      PID:17532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
      4⤵
      PID:17428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
    3⤵
    PID:7804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
      4⤵
      PID:11968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7631.exe
      4⤵
      PID:10316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exe
    3⤵
    PID:8464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39362.exe
    3⤵
    PID:3508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
      4⤵
      PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
        5⤵
        
        PID:12776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        5⤵
        
        PID:16084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        5⤵
        
        PID:9224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57889.exe
      4⤵
      PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60794.exe
        5⤵
        
        PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
        5⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31473.exe
        5⤵
        
        PID:15716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55984.exe
      4⤵
      PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
        5⤵
        
        PID:18284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26752.exe
        5⤵
        
        PID:10060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30825.exe
      4⤵
      PID:10432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42280.exe
      4⤵
      PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
      4⤵
      PID:4036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
    3⤵
    PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11153.exe
      4⤵
      PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        5⤵
        
        PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
        5⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
        5⤵
        
        PID:17808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
        5⤵
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
      4⤵
      PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40274.exe
        5⤵
        
        PID:16196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        5⤵
        
        PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
      4⤵
      PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1552.exe
      4⤵
      PID:12880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41344.exe
      4⤵
      PID:13836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
      4⤵
      PID:9916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6943.exe
    3⤵
    PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23386.exe
      4⤵
      PID:8756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
      4⤵
      PID:11436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39240.exe
      4⤵
      PID:15740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
      4⤵
      PID:18288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
      4⤵
      PID:8676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3800.exe
    3⤵
    PID:8060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
    3⤵
    PID:10268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
      4⤵
      PID:17484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45033.exe
      4⤵
      PID:17460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
      4⤵
      PID:9936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
    3⤵
    PID:5164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
    3⤵
    PID:10992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
    3⤵
    PID:6476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
      4⤵
      PID:10020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
      4⤵
      PID:13332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5136.exe
      4⤵
      PID:16412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49536.exe
      4⤵
      PID:17996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19856.exe
    3⤵
    PID:8468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21607.exe
    3⤵
    PID:4388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51433.exe
    3⤵
    PID:2268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
    3⤵
    PID:16620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4473.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4473.exe
  2⤵
  PID:6420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31554.exe
    3⤵
    PID:8788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
      4⤵
      PID:9228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
    3⤵
    PID:11444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
    3⤵
    PID:14952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
    3⤵
    PID:17516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46687.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46687.exe
  2⤵
  PID:7568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34874.exe
    3⤵
    PID:2020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
    3⤵
    PID:15612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18792.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18792.exe
  2⤵
  PID:8552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
  2⤵
  PID:11932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
  2⤵
  PID:15616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3632 -ip 3632
1⤵
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4196 -ip 4196
1⤵
PID:5380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3712 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 8680 -ip 8680
1⤵
PID:10716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --exception-pointers=109899625709760 --process=272 /prefetch:7 --thread=532
1⤵
PID:15632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 15396 -ip 15396
1⤵
PID:18048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 15660 -ip 15660
1⤵
PID:15984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 18200 -ip 18200
1⤵
PID:17972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12236.exe

Filesize
468KB

MD5
25c5e25ac57670cd94d1c7a2ce937540

SHA1
4f7b43991999ad945ef3d98373c0d6318a6de533

SHA256
5cd0d55d2ea3daaaa5f55ba571a4e5fb8bf8ece3d6d14be7755aa3491d180f3c

SHA512
2c0b4d8f67ec08d91b2dac71f18b6c8abbc2403752c9a8933861eda0e3d257d1e6acab98b7ec052137066d55df56cb48d23573dab84333af5b0f301f2e301c6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe

Filesize
468KB

MD5
b5a64874cf182c87fbf2757172c0cc28

SHA1
570ee0ce6532d89dcc6d70ae5926f221fabb6366

SHA256
c6ff2ed4fe24a39d190e3af1b70bcec624e23c3ff188383db371e4ee19ea829e

SHA512
8f7909381a7ba81c870066018ec8ef25da8732ddbc799c49ef33bbc08357fa2811bb3a05351340344821099d9f58e1af2ab82e2413a2d946483e8a86c58c7d83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe

Filesize
468KB

MD5
496b79e3a7cc0400bcd223b4099a835b

SHA1
656f8344bddd93c3aaabcaca107208631adb1767

SHA256
75b7d9bd942dc6f48f0d45034396bc496513475ae5a500cdba371cefe8ef3834

SHA512
05e576c934226e0278f958eb1c6c555ad34a8c783f5c34bc7c4c2ec1386162f3d7733b9cc46b632163d73ef2f8fa9c99e0b033ca1eace176f06d4474d1de1379

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21512.exe

Filesize
468KB

MD5
6c74b35e376a9c6dc2946dd99a227ce4

SHA1
68b19f5207d799b4fb7d9a058b9d540a30ccb14b

SHA256
e441cc362f44633ece7c8989f71bc3e3070414f62d558090fc4620d01ed01b48

SHA512
869c0700ced818bd6d17daca1e89e4fca3b9d0e6d76a6072f15e07dd0d12af8fd108232e726da2cc33890b02a92af6cd99961bf60a2ee559d94ddbebcb65a011

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe

Filesize
468KB

MD5
0423026e231e0f2749396f4011ff2ee7

SHA1
5c1b550baad5b01531bd0fb4fb7f14ebdbd03c09

SHA256
871295e80480b7c71247242f6b85c2d42f7b7551404bd4c7e8d8c799572efe4f

SHA512
f64f5a6f7ab043d4a2486da9016d4659a28d9613d396c3ce6acd6e21c65a1161f10f169ce5d6c30ccb18348460ee32f2f85002633420f6795928c40f727788d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe

Filesize
468KB

MD5
5447a0fc487d6f92e96d10952f4ea964

SHA1
0159363f9824ba596afd4779857eb39ebf175325

SHA256
0515b0d7c87d2de13e03b46e579fb1b9030c6c8b7addc37ccf6b5cff295bca89

SHA512
3d717fead2f5d606c526e8f285880e6e49e21df92797377c2b2154aa88d29c083f59d1fc6fd595bf8f3c4fcc374d1db61ea9d1d97ac7765e9583644d43c788f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe

Filesize
468KB

MD5
065a8a9b4cf5b7f62442d34fe9b8b8c6

SHA1
6a3eefaf33fe2d26f6337d8f42f4ee7f60358d04

SHA256
73762a71206a5509bbb9ef742d1ad9c6ad511868ce87c37fbd50e83a1e99e786

SHA512
10452dae51106e9d438f6dd7d2e67acf80c1bd8eb1ad7d4094c0132c7e4a785b486ae0ba3f6f711c81754a1f45290d974d4f09d84e146b0ca3bd5ece1a09a5ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26224.exe

Filesize
468KB

MD5
6df11d91e098e50629622c4a93d1ea6c

SHA1
179a3c426862c09c5e2295c0bbc90a5e9edb3c7d

SHA256
f5a22a601c7945af8436174b2c2ed11a598eb3ee52f02bb3217345427f3eb593

SHA512
6ba26f54ae516c8522fa84edb0d77442afc242553f4a30e9f3ec9e84632f293fadd936c98e6636bcd4799a848d3d3396dd2b2f96b36b7826987c5e1ebf91f599

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27480.exe

Filesize
468KB

MD5
2369032a1fc2ee6ee42c08929c0d6f88

SHA1
e7995355fba3756dd594c296055a167a6554e98f

SHA256
958f7392f361a8af423bf54e1bceecba6a5f681d16e7b4953689ab2adbb9b006

SHA512
2ec5883854dfd8fb0fb61528c3789d3be68cb70da695a350141fef783e38771d6a7aae9d89bc3ebf62d791102810d14a19488234946a00131b5662d5595ad274

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29562.exe

Filesize
468KB

MD5
57dce9236e26f981445ae6d78de856c6

SHA1
3ce3b00e66013624a8f147fb0c08151ca149b695

SHA256
b7d49f6f8eb912d883db7d9d88cb113eef7aba5d6454fcbbf3ee1d1a5e084fd9

SHA512
8f4a13a38ce89c3d62e792b25d2e3d7dfad96db153600a6658bf5ba7eeb1e44cd61df5b164c62788dce05021bdbfab1bf873783fc9a5bc1be0723e37cb4f8728

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe

Filesize
468KB

MD5
d66a5ef2d120fd9c7c025ef455fb0103

SHA1
ed6b9c2ef0aaaf94511cb5066c71aea6e76766f1

SHA256
dc964549ce07e53f368c527ce179fff64b3853de6f778d397a41e11997b50f46

SHA512
70abf66654cf9b572fb686c47a3f6260a269c098564808c2191aff46417392ce93b7a904a2f306d7ea7a1c5bc8203a90f2184e6dedb76525cb377c4fe37510c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe

Filesize
468KB

MD5
58ad0bc74e2e3dd664aa298595f261a7

SHA1
7aeb514c8d7a93461314feb12a7b35c81c0f1ca6

SHA256
bd48a3a1f4bc8f65d7d395fa7a2a470d8ddb1e6c476cc94b812bae32324e9cfc

SHA512
8e25ea2a4533564555f507df24bc7388daaaf333ad6f472b30fb4941e57f185efa1e831779c2e81d98af6111d99a67b2b5cc9749949480af13a7fffce4213799

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33049.exe

Filesize
468KB

MD5
df54b2677f55b8e42da195e9a13205ef

SHA1
a9145cbc04bcaebd5a5909eb67d76fc071d0f7b0

SHA256
a6a3728b7db282302ad5fd7da9860b81a09532de369e23db9d21853d15bc686e

SHA512
12ddda7cd540b6debbb794f82c45b8f5500785a7775d78c01501b2a4fa0bf533be12f3c4f6d1e98a066c1afa163999bd7560ef8af1cb01da2dba35e17342b690

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe

Filesize
468KB

MD5
9e4a009b7fad51706bcf1daeb445f1e7

SHA1
d5cdee7b07e1e0fe35762b4e5f9ff46569b30900

SHA256
4d6e981ae83a47359118925a3b1c4d756aaab7fd91e576c445c664f1730e77ac

SHA512
823310ae76b7ba859bb1906c25cb1148b5e7cd0c7f5f94c832bfd127460f47fe3f4f84267c5b2eb5cf1d796c4590305184a061486b69b07ae54be4f6ceeacd28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe

Filesize
468KB

MD5
bae968e6a8656aa51ab38351e93683b4

SHA1
5116b6f9a3de5c371dbc691340de360ec893f6e1

SHA256
f98f8b123869ff04abb8be99e31210a0f88551e2ae59096fbf325004932e9fda

SHA512
712b5e0549cbb1c4523db9af87dbff5b15f25d3834ba3fdb4b05afc4c0eedcbdb707526951cfcd7106802b9b661fc4dfee8831d57754df19d7c8e0c463954242

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35618.exe

Filesize
468KB

MD5
afbc39fe72cb4ddc46c8f6e80309df14

SHA1
4b6be586c57dbe5b32ec8935e4dec2c0bd57cc56

SHA256
30e3262a9d997c64299f8ca2372f1f50f51613265bd8b662c73fa2845ea146e3

SHA512
c3d13d4382192722f3bb88d90c1e9c4fe91246f2a7e42f9f9d485984ab9f2a35d91a1f4adb63a41f1826aaf0fe8f794067d3de7b3f60a4587c49aaf6bae5d8cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36016.exe

Filesize
468KB

MD5
b66faa3ecb8083ca7aad0383db06d015

SHA1
f541d3719b326071e8c0280d1486a34937f9233e

SHA256
77dda568452064fc2b7d3f01711a8fad25f2a368c87cffb6bb070cc396ec30c0

SHA512
4cf98849d99114f612134181f992f2e1601e3072f9c51b99a7c80070a4e79707d6351c2addd223b0d60459acf48f55336729e5c244b33ee84f48f35ac4272a98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe

Filesize
468KB

MD5
26fcf674b32a4279da4b1d46c589d894

SHA1
6c3514ef7e0eddacbac9e5046fbf68e27230b832

SHA256
4fa1ee54a0711744572e0b0efea276e1b4b099eb8bdbaad6754c2b24caffa2d4

SHA512
efc9758da08397c7b233db630a3281a88f41d6bc0e7af9c905e634340ef9b6b080e2230b92ec9a2c4997acf6b680210b238721ac1ac8a313327eba0a382dc656

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40330.exe

Filesize
468KB

MD5
6251c32f035d6849f0a451c9ca0e3ccc

SHA1
11c036e7d3a88906857f88bdfc89788a7235015a

SHA256
7d274a0ae2e2ceb90868f6c5844c7f3c0efdf3eeaff41a646fba025102137b8b

SHA512
ca6f27dfca9e6df3ef8078809e490306df1f3db3710e5c03e163c50ce5731bc96c4e66741fd6b81b4339d6f23bf6112b45aa55f440f52730e82e798c5471ca93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41261.exe

Filesize
468KB

MD5
e769c363b432dc4aaabc551a407526fb

SHA1
c54dd1d725fd7f42ea360b71365ac7987bb64608

SHA256
e007de60f1e6beb2e1a97f2129f8b19781056f6d03a5167d69c5c0a7d742755b

SHA512
34a33c479fc4d0f22fbdf64e318d710d7b006cb902e70ca733ebfb12d29fae4bf07691882b1e4516eeeb5822d9d5f16513c0eda5c8123d270e3d4d7fcbc73d89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe

Filesize
468KB

MD5
72de6d26639f5517f00b06a933052c12

SHA1
5f18a4377dd6428a8fa01792526db8418b3d2127

SHA256
bbd3bde4df840e9a74b6082d008bff925acfe30f6443a16c5d72a174abc1d971

SHA512
56f43f7ab29e3dd356124af3a0686267591cc81762c1ad5520243c7b9373eb4f69b892b9141fbb9b4508a780747d8ff7141f0fb8c2a7e4d8d321e2bd401945a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe

Filesize
468KB

MD5
e6828a9852c5d5b10240877c01900f19

SHA1
82b1573319b3401e67d14cd0431df75785910390

SHA256
b6337e4b4020d950e127b031de6ddb9f696ca24c66c85fc4f7cfad08d2884c9f

SHA512
61c0811d6cf21be1b9bc1a39b844e4068131f0cfe0b003b248f5c00f28dcef296a919f6a014771208ebee81af6d4c7c3a5c6ebc1ea9f560ae4d7a3d31033025b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4320.exe

Filesize
468KB

MD5
c9c4eccf78bf141444d7ae1e2128ec2d

SHA1
c4dca3e5fba03e9b7cba1ad4f1ee9463ac14e36c

SHA256
5408afab98ab897bbed8a8fcbbd8cb5e907cf05f30ad0129fe390e63f5774550

SHA512
a5dc050c2ffcac5377e300b6ec2a12d2b46f502a5758b6c644b98e9f9e032529baab346259d44521d70ba0135a17bc8b349b5f14d1638bb9a09de6a47d624266

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43594.exe

Filesize
468KB

MD5
a9b7bd2734c4a09b9d28570453dacba8

SHA1
920472838219bbe1aa6e08d6deb1935a0f43adf3

SHA256
fc28d1bef0feddbf9577caa3ae8f37ca724033e49736dd3d2503c5c6e751eea4

SHA512
3e550cea5407015a7c646f490b30f9fd5fc42cfbd80caf28438a667fb871128b57b7cfac5a87d0991d55398c2c1bb32f929197883385584cd200890aa0fee0ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe

Filesize
468KB

MD5
63ad4547a1bb8095efeebb8aae93f022

SHA1
67571af1754cfac6cac8ed770d697e60a7f5dd42

SHA256
985eebbf0887fecadba33d04cea4d34c977a083ee7b403894d706a21b7af76fe

SHA512
3f03f8cf9b9c15891c9f0ec220ef1da1284543f1d4d73ff93e66f1747093a099b1ece12ebee16df379320c4d0802f86de26712d918236111becab13835578833

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53269.exe

Filesize
468KB

MD5
c993afe7171843ecad56583c5eec4172

SHA1
b9fc3dbb594e9112355d407fcfb0a6d5501fd3ff

SHA256
30c04a7ac96f9e06464216ac0d23d68f28a4b3b74302953bb8d7c732af2ebd5c

SHA512
af319cfe3aef53d8f76838bf82eda2c445eb36b228c35197b70ccf048454a8513714d603c091422d3e7199af3c3f0f8682e28afacc50c28b74a031587a2715a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe

Filesize
468KB

MD5
3f3d3014465c9bcc3ebf5bc1f620aeb7

SHA1
672c643807b9d8e61bdfc74b463d0bb1ec7996f1

SHA256
e5c5f739d9f48b191dfb7df96b7d02559ba6b0656482a3d8260c65968254ad17

SHA512
e1a1be9fda10b2484e3054f42cf6336db14177780668bf6c1a6f505a26c3ee2e380276cc27fb1dd2cc43997a29ce4ae8711a943a0bb8ab01c25cdf5d4c23a8c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe

Filesize
468KB

MD5
0e626fd941fe55528668252b81515b41

SHA1
32eaadb4f536e7bcefbc93b420f8af4372923199

SHA256
2f25f6d2ee7015b04175c62af0cefe1b21884ea4c7bb047fcd6cdb11797e3827

SHA512
ed0e9374ca1412dfd8b1e1e2547fa4a6bd02ee2407c9dd7a9d3c12d66d68fd10fddada82dde1b26d7816842983f842e766829b3eeed0d88444fc10cc8da58b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56296.exe

Filesize
468KB

MD5
9f7e2dd38b309bba0d79796a28ff99c6

SHA1
a285cb1b2edf5f2561ad10006e9384757e683a2f

SHA256
daf1451095db0bf59f38e9f55ba18f773561ef4b5aec74519a91152b8d3126ad

SHA512
ced3d4429d651b598daaecf6208f6bc895b8b60d490d145db66efca1c4e2efd097004410d30c3044c0ee500965b2ba41b1da591841a2d55f08ab5012d1b2de48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe

Filesize
468KB

MD5
5c332fdbd5c614474ea4b3618df1ec5a

SHA1
419ac216d6e774a5e2b3f4cf9739af3e025a2727

SHA256
d539d5bb84ffca328c5d9e0e13b1665006000765055725a717e541b9f0676fb8

SHA512
6a74916329eb12e529fc3e901fa50355a2cc35ccd0b7e0e6b8f66569de69a9ceb5fb42b8cf38ba1758c845ea6b78123b87ac19c8b92bd0c4768194e8e1992f63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57626.exe

Filesize
468KB

MD5
2d9ccbc8a8b0bafc4e50334035d71116

SHA1
257678701f11ce12ba0e26bfa387d7b039d704e1

SHA256
a89e572621188fbf2b2d67144dfb2bbfd457ff7335d70043c0c7807a56c54d20

SHA512
47331b9c874e6cfac8afbf4f2e1b59f6bd7ca55fd1280af9bc9b2d41868831bfe7a3d2df09e093bac433cc575093797430d652c224f37affc04ccf38db316881

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58098.exe

Filesize
468KB

MD5
602dc765e4303823da5b77325649bfbb

SHA1
4f4b004ec1a4fab18e0b0f3a4881744a5d15361f

SHA256
fd7d8178ed43c1c51385516498fb9057119c27a845650aacad38b66cbe44495a

SHA512
07bb1377f3c1e5413ab4fbb588721ead4315d4afb9ad7d7c3b2ae31470b071d640b7e55675d48863f1932595f2b3e1daa32ef3fa6c8c918e23103345834cec75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe

Filesize
468KB

MD5
1534eb5ea1ef67108b408e4a80225e6a

SHA1
e678e0e7372e6ca0c55daac468a5d559e13034b1

SHA256
4625b7f23accfab616b9fa087cd4c67b66650d07364187b03621a62066c3c98a

SHA512
1789b3a3d72d60c438ee95a9ef30b6b68329887c0a663a04920ecbafb104790d736529cfba6c2a9ce1a63e709454ee39804f3e0f1ca4a2aa6178cf39445241d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe

Filesize
468KB

MD5
7d80227ae06497f5c4d3f74c541786a4

SHA1
dd6254b0c14052011c91d65e0da82a769db33dba

SHA256
478c4aeba6968393ebec9d9edd3e12ef3ee45fa7c3ea190d0b07bac87a56c871

SHA512
577c0039d78bcb8401002c4a2a4b93d31a76fb4a75aa94c63ad44929817b98afb8f611ae872c189210d138ded2c952978e74b94dfa50db24986f2eea9eb96e3f

Download Submit
memory/3728-2990-0x0000000075250000-0x00000000752C4000-memory.dmp

Filesize
464KB

Download
memory/17996-2965-0x0000000075440000-0x00000000754DF000-memory.dmp

Filesize
636KB

Download
memory/18000-2862-0x0000000075540000-0x00000000755FF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads