899d59abc4da8f7d8eb9d673618b9082919bf47f560b2292dfbcef10be0f19b0

Analysis

max time kernel
150s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 09:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2ed080e6be9afac1e46c248d8426d60_NeikiAnalytics.exe
Size

184KB
MD5

b2ed080e6be9afac1e46c248d8426d60
SHA1

13b01a84403044efb86c34931b720a438c8d026e
SHA256

899d59abc4da8f7d8eb9d673618b9082919bf47f560b2292dfbcef10be0f19b0
SHA512

9316fb5b89d85b4633687e9740b23397e1e1417c10ec60052af12a94d97a05c7fbb69872b1144a50db4aba2f2c75a92ca64cf4ed0f6fe9cd58b9c5eca0a4dbef
SSDEEP

3072:vSaoWZoPpzAotd4iIs5BVQy4Pnvnqnviu+:vSGoN74i5Vf4PnPqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2736	Unicorn-53860.exe
4224	Unicorn-23300.exe
3248	Unicorn-11602.exe
768	Unicorn-62324.exe
332	Unicorn-4955.exe
468	Unicorn-50627.exe
1528	Unicorn-6993.exe
3648	Unicorn-16772.exe
3532	Unicorn-5074.exe
3512	Unicorn-33108.exe
1456	Unicorn-41276.exe
3168	Unicorn-41276.exe
4384	Unicorn-25494.exe
3488	Unicorn-53263.exe
1348	Unicorn-47398.exe
2092	Unicorn-35376.exe
4736	Unicorn-31846.exe
4628	Unicorn-55412.exe
1096	Unicorn-63580.exe
1896	Unicorn-47799.exe
5004	Unicorn-51883.exe
3156	Unicorn-14379.exe
652	Unicorn-22548.exe
2404	Unicorn-14379.exe
2732	Unicorn-30451.exe
2672	Unicorn-24585.exe
3964	Unicorn-30716.exe
3976	Unicorn-14379.exe
3200	Unicorn-19018.exe
1392	Unicorn-29953.exe
2920	Unicorn-16417.exe
3944	Unicorn-4815.exe
3344	Unicorn-62739.exe
2300	Unicorn-29320.exe
4976	Unicorn-31357.exe
2412	Unicorn-49356.exe
5064	Unicorn-18582.exe
4872	Unicorn-50508.exe
4420	Unicorn-51063.exe
3036	Unicorn-13559.exe
216	Unicorn-19681.exe
4380	Unicorn-50124.exe
1040	Unicorn-8581.exe
2976	Unicorn-14711.exe
4940	Unicorn-26964.exe
1636	Unicorn-30285.exe
60	Unicorn-19350.exe
2860	Unicorn-30086.exe
4408	Unicorn-49422.exe
2168	Unicorn-55552.exe
4092	Unicorn-63720.exe
4808	Unicorn-63720.exe
3872	Unicorn-14519.exe
3856	Unicorn-22688.exe
3812	Unicorn-2822.exe
3040	Unicorn-10990.exe
3268	Unicorn-60191.exe
4812	Unicorn-30591.exe
3444	Unicorn-26507.exe
2856	Unicorn-2843.exe
1032	Unicorn-60767.exe
1700	Unicorn-35516.exe
2144	Unicorn-33469.exe
2756	Unicorn-27902.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
5740	4704	WerFault.exe	165
6380	5548	WerFault.exe	186
9292	6704	WerFault.exe	252
13216	12728	WerFault.exe	597
13236	12752	WerFault.exe	599
8048	4240	Process not Found	1141

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	20384	dwm.exe
Token: SeChangeNotifyPrivilege	20384	dwm.exe
Token: 33	20384	dwm.exe
Token: SeIncBasePriorityPrivilege	20384	dwm.exe
Token: SeCreateGlobalPrivilege	19324	Process not Found
Token: SeChangeNotifyPrivilege	19324	Process not Found
Token: 33	19324	Process not Found
Token: SeIncBasePriorityPrivilege	19324	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2712	b2ed080e6be9afac1e46c248d8426d60_NeikiAnalytics.exe
2736	Unicorn-53860.exe
4224	Unicorn-23300.exe
3248	Unicorn-11602.exe
768	Unicorn-62324.exe
332	Unicorn-4955.exe
468	Unicorn-50627.exe
1528	Unicorn-6993.exe
3648	Unicorn-16772.exe
3532	Unicorn-5074.exe
3168	Unicorn-41276.exe
3512	Unicorn-33108.exe
4384	Unicorn-25494.exe
1456	Unicorn-41276.exe
1348	Unicorn-47398.exe
3488	Unicorn-53263.exe
2092	Unicorn-35376.exe
4736	Unicorn-31846.exe
4628	Unicorn-55412.exe
1096	Unicorn-63580.exe
1896	Unicorn-47799.exe
5004	Unicorn-51883.exe
652	Unicorn-22548.exe
3156	Unicorn-14379.exe
2404	Unicorn-14379.exe
3964	Unicorn-30716.exe
2732	Unicorn-30451.exe
1392	Unicorn-29953.exe
3200	Unicorn-19018.exe
3976	Unicorn-14379.exe
2920	Unicorn-16417.exe
2672	Unicorn-24585.exe
3944	Unicorn-4815.exe
3344	Unicorn-62739.exe
2300	Unicorn-29320.exe
4976	Unicorn-31357.exe
2412	Unicorn-49356.exe
5064	Unicorn-18582.exe
4872	Unicorn-50508.exe
4420	Unicorn-51063.exe
3036	Unicorn-13559.exe
216	Unicorn-19681.exe
4380	Unicorn-50124.exe
1040	Unicorn-8581.exe
2976	Unicorn-14711.exe
4940	Unicorn-26964.exe
1636	Unicorn-30285.exe
60	Unicorn-19350.exe
2860	Unicorn-30086.exe
2168	Unicorn-55552.exe
4408	Unicorn-49422.exe
4808	Unicorn-63720.exe
3040	Unicorn-10990.exe
4812	Unicorn-30591.exe
3812	Unicorn-2822.exe
4092	Unicorn-63720.exe
3268	Unicorn-60191.exe
3856	Unicorn-22688.exe
3872	Unicorn-14519.exe
3444	Unicorn-26507.exe
1700	Unicorn-35516.exe
2856	Unicorn-2843.exe
1032	Unicorn-60767.exe
2144	Unicorn-33469.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 2736	2712	b2ed080e6be9afac1e46c248d8426d60_NeikiAnalytics.exe	90
PID 2712 wrote to memory of 2736	2712	b2ed080e6be9afac1e46c248d8426d60_NeikiAnalytics.exe	90
PID 2712 wrote to memory of 2736	2712	b2ed080e6be9afac1e46c248d8426d60_NeikiAnalytics.exe	90
PID 2736 wrote to memory of 4224	2736	Unicorn-53860.exe	93
PID 2736 wrote to memory of 4224	2736	Unicorn-53860.exe	93
PID 2736 wrote to memory of 4224	2736	Unicorn-53860.exe	93
PID 2712 wrote to memory of 3248	2712	b2ed080e6be9afac1e46c248d8426d60_NeikiAnalytics.exe	94
PID 2712 wrote to memory of 3248	2712	b2ed080e6be9afac1e46c248d8426d60_NeikiAnalytics.exe	94
PID 2712 wrote to memory of 3248	2712	b2ed080e6be9afac1e46c248d8426d60_NeikiAnalytics.exe	94
PID 4224 wrote to memory of 768	4224	Unicorn-23300.exe	96
PID 4224 wrote to memory of 768	4224	Unicorn-23300.exe	96
PID 4224 wrote to memory of 768	4224	Unicorn-23300.exe	96
PID 3248 wrote to memory of 332	3248	Unicorn-11602.exe	97
PID 3248 wrote to memory of 332	3248	Unicorn-11602.exe	97
PID 3248 wrote to memory of 332	3248	Unicorn-11602.exe	97
PID 2736 wrote to memory of 468	2736	Unicorn-53860.exe	98
PID 2736 wrote to memory of 468	2736	Unicorn-53860.exe	98
PID 2736 wrote to memory of 468	2736	Unicorn-53860.exe	98
PID 2712 wrote to memory of 1528	2712	b2ed080e6be9afac1e46c248d8426d60_NeikiAnalytics.exe	99
PID 2712 wrote to memory of 1528	2712	b2ed080e6be9afac1e46c248d8426d60_NeikiAnalytics.exe	99
PID 2712 wrote to memory of 1528	2712	b2ed080e6be9afac1e46c248d8426d60_NeikiAnalytics.exe	99
PID 768 wrote to memory of 3648	768	Unicorn-62324.exe	102
PID 768 wrote to memory of 3648	768	Unicorn-62324.exe	102
PID 768 wrote to memory of 3648	768	Unicorn-62324.exe	102
PID 4224 wrote to memory of 3532	4224	Unicorn-23300.exe	103
PID 4224 wrote to memory of 3532	4224	Unicorn-23300.exe	103
PID 4224 wrote to memory of 3532	4224	Unicorn-23300.exe	103
PID 332 wrote to memory of 3512	332	Unicorn-4955.exe	104
PID 332 wrote to memory of 3512	332	Unicorn-4955.exe	104
PID 332 wrote to memory of 3512	332	Unicorn-4955.exe	104
PID 1528 wrote to memory of 3168	1528	Unicorn-6993.exe	106
PID 1528 wrote to memory of 3168	1528	Unicorn-6993.exe	106
PID 1528 wrote to memory of 3168	1528	Unicorn-6993.exe	106
PID 468 wrote to memory of 1456	468	Unicorn-50627.exe	105
PID 468 wrote to memory of 1456	468	Unicorn-50627.exe	105
PID 468 wrote to memory of 1456	468	Unicorn-50627.exe	105
PID 3248 wrote to memory of 4384	3248	Unicorn-11602.exe	107
PID 3248 wrote to memory of 4384	3248	Unicorn-11602.exe	107
PID 3248 wrote to memory of 4384	3248	Unicorn-11602.exe	107
PID 2712 wrote to memory of 3488	2712	b2ed080e6be9afac1e46c248d8426d60_NeikiAnalytics.exe	108
PID 2712 wrote to memory of 3488	2712	b2ed080e6be9afac1e46c248d8426d60_NeikiAnalytics.exe	108
PID 2712 wrote to memory of 3488	2712	b2ed080e6be9afac1e46c248d8426d60_NeikiAnalytics.exe	108
PID 2736 wrote to memory of 1348	2736	Unicorn-53860.exe	109
PID 2736 wrote to memory of 1348	2736	Unicorn-53860.exe	109
PID 2736 wrote to memory of 1348	2736	Unicorn-53860.exe	109
PID 3648 wrote to memory of 2092	3648	Unicorn-16772.exe	110
PID 3648 wrote to memory of 2092	3648	Unicorn-16772.exe	110
PID 3648 wrote to memory of 2092	3648	Unicorn-16772.exe	110
PID 768 wrote to memory of 4736	768	Unicorn-62324.exe	111
PID 768 wrote to memory of 4736	768	Unicorn-62324.exe	111
PID 768 wrote to memory of 4736	768	Unicorn-62324.exe	111
PID 3168 wrote to memory of 4628	3168	Unicorn-41276.exe	112
PID 3168 wrote to memory of 4628	3168	Unicorn-41276.exe	112
PID 3168 wrote to memory of 4628	3168	Unicorn-41276.exe	112
PID 3512 wrote to memory of 1096	3512	Unicorn-33108.exe	113
PID 3512 wrote to memory of 1096	3512	Unicorn-33108.exe	113
PID 3512 wrote to memory of 1096	3512	Unicorn-33108.exe	113
PID 332 wrote to memory of 1896	332	Unicorn-4955.exe	114
PID 332 wrote to memory of 1896	332	Unicorn-4955.exe	114
PID 332 wrote to memory of 1896	332	Unicorn-4955.exe	114
PID 1528 wrote to memory of 5004	1528	Unicorn-6993.exe	115
PID 1528 wrote to memory of 5004	1528	Unicorn-6993.exe	115
PID 1528 wrote to memory of 5004	1528	Unicorn-6993.exe	115
PID 1348 wrote to memory of 3156	1348	Unicorn-47398.exe	116

C:\Users\Admin\AppData\Local\Temp\b2ed080e6be9afac1e46c248d8426d60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b2ed080e6be9afac1e46c248d8426d60_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53860.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53860.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23300.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16772.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35376.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50996.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
        10⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46837.exe
        11⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        11⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        10⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39136.exe
        10⤵
        
        PID:16168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19509.exe
        10⤵
        
        PID:19032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17586.exe
        9⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11720.exe
        10⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        10⤵
        
        PID:16196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42877.exe
        10⤵
        
        PID:19216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        9⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14439.exe
        9⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        9⤵
        
        PID:18772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        8⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29837.exe
        9⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41071.exe
        9⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        9⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        8⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        8⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
        8⤵
        
        PID:17624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        8⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52444.exe
        9⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
        10⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
        10⤵
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        10⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
        9⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        9⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        9⤵
        
        PID:18572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50067.exe
        8⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
        8⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        8⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12070.exe
        8⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7725.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        8⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18669.exe
        9⤵
        
        PID:18080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
        9⤵
        
        PID:17308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe
        8⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        8⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        8⤵
        
        PID:18624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        7⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
        7⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62664.exe
        7⤵
        
        PID:16736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        7⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
        8⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54364.exe
        9⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe
        9⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        9⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        9⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        8⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        8⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48709.exe
        8⤵
        
        PID:17908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
        8⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
        7⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11167.exe
        8⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2847.exe
        9⤵
        
        PID:17196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        8⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12752 -s 436
        9⤵
        Program crash
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe
        8⤵
        
        PID:16632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        8⤵
        
        PID:16604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        7⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
        7⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        7⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33469.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        8⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        8⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        8⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
        8⤵
        
        PID:18916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17586.exe
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
        7⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
        7⤵
        
        PID:15768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3173.exe
        7⤵
        
        PID:17768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5422.exe
        6⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        7⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        8⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        8⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
        8⤵
        
        PID:18028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        7⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
        7⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        7⤵
        
        PID:13588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28521.exe
        6⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59105.exe
        7⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exe
        7⤵
        
        PID:17780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3219.exe
        6⤵
        
        PID:11868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55697.exe
        6⤵
        
        PID:16020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        6⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30384.exe
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        9⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50559.exe
        9⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
        9⤵
        
        PID:17972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        9⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
        8⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        8⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3303.exe
        8⤵
        
        PID:16308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        8⤵
        
        PID:19824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        8⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50559.exe
        8⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        8⤵
        
        PID:18704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51742.exe
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        8⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        8⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        8⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        7⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        7⤵
        
        PID:16716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        7⤵
        
        PID:18208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27902.exe
        6⤵
        Executes dropped EXE
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        7⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
        8⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        9⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        9⤵
        
        PID:15572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        9⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
        8⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64983.exe
        8⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        8⤵
        
        PID:724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35458.exe
        7⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24090.exe
        7⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        7⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3641.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2475.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        8⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        8⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61238.exe
        8⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        7⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14439.exe
        7⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19698.exe
        6⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        7⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22328.exe
        7⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40077.exe
        7⤵
        
        PID:19240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58284.exe
        6⤵
        
        PID:14864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43632.exe
        6⤵
        
        PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31357.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        6⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        7⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
        8⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
        8⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
        8⤵
        
        PID:16668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        8⤵
        
        PID:18876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32718.exe
        7⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        7⤵
        
        PID:13576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        7⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        6⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
        7⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        7⤵
        
        PID:14252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        7⤵
        
        PID:19540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
        6⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28420.exe
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
        6⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
        6⤵
        
        PID:18540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        5⤵
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        6⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59089.exe
        7⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        7⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29197.exe
        7⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6690.exe
        6⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        6⤵
        
        PID:14176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51362.exe
        6⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
        5⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
        6⤵
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        6⤵
        
        PID:10544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
        6⤵
        
        PID:15248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        6⤵
        
        PID:18184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
        5⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        6⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        5⤵
        
        PID:11904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
        5⤵
        
        PID:16032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        5⤵
        
        PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        8⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        8⤵
        
        PID:14952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25384.exe
        7⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        7⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
        7⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        7⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        8⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        8⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        8⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        7⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
        7⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        7⤵
        
        PID:18136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
        6⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24720.exe
        6⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
        6⤵
        
        PID:15728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16154.exe
        6⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63942.exe
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29280.exe
        8⤵
        
        PID:18952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
        7⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        7⤵
        
        PID:17224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        7⤵
        
        PID:19248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21106.exe
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        6⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        6⤵
        
        PID:18796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56927.exe
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34061.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4491.exe
        6⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        6⤵
        
        PID:17304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
        6⤵
        
        PID:19076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
        5⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18647.exe
        5⤵
        
        PID:14188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        5⤵
        
        PID:17528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37814.exe
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49261.exe
        8⤵
        
        PID:16388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56578.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27598.exe
        7⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        7⤵
        
        PID:17276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        7⤵
        
        PID:17864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        6⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        6⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        6⤵
        
        PID:15832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
        6⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
        6⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
        7⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        7⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48352.exe
        6⤵
        
        PID:10820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        6⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        6⤵
        
        PID:19532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
        6⤵
        
        PID:16156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17465.exe
        6⤵
        
        PID:19436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        5⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        5⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        5⤵
        
        PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30591.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
        7⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52494.exe
        7⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        6⤵
        
        PID:10520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10354.exe
        6⤵
        
        PID:15148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
        6⤵
        
        PID:18092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe
        6⤵
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        5⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
        5⤵
        
        PID:13228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        5⤵
        
        PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
      4⤵
      PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2680.exe
        5⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        5⤵
        
        PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42685.exe
        5⤵
        
        PID:19308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4420.exe
      4⤵
      PID:10056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63191.exe
      4⤵
      PID:13380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
      4⤵
      PID:2968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28220.exe
        7⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33944.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
        9⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16068.exe
        9⤵
        
        PID:16772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
        8⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17666.exe
        8⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        8⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        7⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33986.exe
        7⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
        8⤵
        
        PID:19468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
        7⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        7⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        6⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        7⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        7⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        7⤵
        
        PID:16776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        7⤵
        
        PID:16820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52820.exe
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50559.exe
        6⤵
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
        6⤵
        
        PID:19040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:60
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57436.exe
        6⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
        8⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        8⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        8⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        7⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        7⤵
        
        PID:18764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        6⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        7⤵
        
        PID:18036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9052.exe
        7⤵
        
        PID:17740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17702.exe
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        6⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        6⤵
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30693.exe
        5⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        6⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        7⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        7⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        7⤵
        
        PID:17392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        7⤵
        
        PID:18992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29135.exe
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12134.exe
        6⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe
        6⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        6⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        6⤵
        
        PID:16696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        6⤵
        
        PID:19940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44155.exe
        5⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34023.exe
        5⤵
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5480.exe
        5⤵
        
        PID:18868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19018.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7202.exe
        6⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25776.exe
        7⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44585.exe
        8⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        8⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42877.exe
        8⤵
        
        PID:19224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
        7⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        7⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4716.exe
        7⤵
        
        PID:18140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46454.exe
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11071.exe
        6⤵
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        6⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
        6⤵
        
        PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
        5⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        6⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        7⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        7⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        7⤵
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39136.exe
        6⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43574.exe
        5⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4466.exe
        6⤵
        
        PID:19520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        5⤵
        
        PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39023.exe
        5⤵
        
        PID:15820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65355.exe
        5⤵
        
        PID:19648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49422.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
        5⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
        6⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56092.exe
        7⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11123.exe
        7⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        7⤵
        
        PID:16920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        7⤵
        
        PID:16152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63204.exe
        6⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
        6⤵
        
        PID:12488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
        6⤵
        
        PID:17264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
        6⤵
        
        PID:19908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        5⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
        6⤵
        
        PID:16236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40515.exe
        5⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
        5⤵
        
        PID:15220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
        5⤵
        
        PID:17980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41795.exe
      4⤵
      PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18620.exe
        5⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        6⤵
        
        PID:11108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        6⤵
        
        PID:15308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        6⤵
        
        PID:18204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        5⤵
        
        PID:12184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14439.exe
        5⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        5⤵
        
        PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32605.exe
      4⤵
      PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2333.exe
        5⤵
        
        PID:17384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
      4⤵
      PID:11512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39553.exe
      4⤵
      PID:15776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42428.exe
      4⤵
      PID:4200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14519.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24306.exe
        6⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        7⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        7⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
        7⤵
        
        PID:19100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59207.exe
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
        6⤵
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
        6⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50427.exe
        7⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        7⤵
        
        PID:18292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        6⤵
        
        PID:14444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        6⤵
        
        PID:19748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        5⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        5⤵
        
        PID:12324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57044.exe
        5⤵
        
        PID:16912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
        5⤵
        
        PID:19368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10990.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        6⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        7⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61475.exe
        7⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        7⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43307.exe
        6⤵
        
        PID:10336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51579.exe
        6⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21933.exe
        6⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9418.exe
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34601.exe
        6⤵
        
        PID:14132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21496.exe
        6⤵
        
        PID:17752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
        5⤵
        
        PID:11556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
        5⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        5⤵
        
        PID:18616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7917.exe
      4⤵
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        5⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        6⤵
        
        PID:11100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        6⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61238.exe
        6⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61528.exe
        5⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
        5⤵
        
        PID:14888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        5⤵
        
        PID:19800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
      4⤵
      PID:7800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35898.exe
      4⤵
      PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe
      4⤵
      PID:16268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
      4⤵
      PID:2124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30451.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        6⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        7⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        7⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        7⤵
        
        PID:19892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21735.exe
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7858.exe
        6⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
        6⤵
        
        PID:17676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26480.exe
        6⤵
        
        PID:18860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37007.exe
        5⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56292.exe
        5⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        5⤵
        
        PID:19628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
      4⤵
      PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38151.exe
        6⤵
        
        PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
        5⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        5⤵
        
        PID:14456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        5⤵
        
        PID:17916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
      4⤵
      PID:8040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
      4⤵
      PID:10784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
      4⤵
      PID:15584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
      4⤵
      PID:17776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
      4⤵
      PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
        6⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50427.exe
        6⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        6⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exe
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        5⤵
        
        PID:13460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1784.exe
        5⤵
        
        PID:19188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
      4⤵
      PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
        5⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51771.exe
        5⤵
        
        PID:14836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        5⤵
        
        PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7074.exe
      4⤵
      PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
      4⤵
      PID:14436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13268.exe
      4⤵
      PID:3208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11358.exe
    3⤵
    PID:5548
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 484
      4⤵
      Program crash
      PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
      4⤵
      PID:7872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
      4⤵
      PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28226.exe
      4⤵
      PID:15564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
      4⤵
      PID:19856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
    3⤵
    PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
      4⤵
      PID:18176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3485.exe
      4⤵
      PID:19568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12734.exe
    3⤵
    PID:12256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55027.exe
    3⤵
    PID:12752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50558.exe
    3⤵
    PID:17732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11602.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11602.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63580.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
        9⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7754.exe
        9⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        9⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        9⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
        8⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28405.exe
        9⤵
        
        PID:17980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63297.exe
        9⤵
        
        PID:19260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
        8⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        8⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3173.exe
        8⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11167.exe
        8⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43988.exe
        8⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        8⤵
        
        PID:16928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        8⤵
        
        PID:17964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        8⤵
        
        PID:19564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36483.exe
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
        7⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        7⤵
        
        PID:17532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        7⤵
        
        PID:19328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20502.exe
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
        7⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63684.exe
        8⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        9⤵
        
        PID:16540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        9⤵
        
        PID:18844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22799.exe
        8⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        8⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        8⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        7⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
        7⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
        7⤵
        
        PID:17240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
        7⤵
        
        PID:19120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1477.exe
        6⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        7⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28068.exe
        7⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6359.exe
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        6⤵
        
        PID:13800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        6⤵
        
        PID:18196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2890.exe
        6⤵
        
        PID:17552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51063.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19756.exe
        6⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2371.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26661.exe
        8⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
        8⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        8⤵
        
        PID:17556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11409.exe
        8⤵
        
        PID:19348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        7⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56867.exe
        7⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        7⤵
        
        PID:17720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
        7⤵
        
        PID:19616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12246.exe
        6⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
        8⤵
        
        PID:16280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        8⤵
        
        PID:18828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43988.exe
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        7⤵
        
        PID:16896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        7⤵
        
        PID:19760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
        6⤵
        
        PID:13120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        6⤵
        
        PID:17468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        6⤵
        
        PID:19280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25877.exe
        5⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28220.exe
        6⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        7⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        7⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26480.exe
        7⤵
        
        PID:19900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40235.exe
        6⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
        6⤵
        
        PID:17968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        6⤵
        
        PID:19792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
        5⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23996.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
        6⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61579.exe
        6⤵
        
        PID:17272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        6⤵
        
        PID:19008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
        5⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41862.exe
        5⤵
        
        PID:16380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
        5⤵
        
        PID:19140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47799.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13559.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
        6⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        7⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        8⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        8⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61579.exe
        8⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        8⤵
        
        PID:18176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
        7⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        7⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
        7⤵
        
        PID:17912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        7⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        7⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
        7⤵
        
        PID:18072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        6⤵
        
        PID:10116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        6⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6574.exe
        6⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        7⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61475.exe
        7⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        7⤵
        
        PID:19644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10390.exe
        6⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        6⤵
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
        6⤵
        
        PID:17756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5369.exe
        5⤵
        
        PID:6704
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 488
        6⤵
        Program crash
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        5⤵
        
        PID:13436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32435.exe
        5⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8557.exe
        5⤵
        
        PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        5⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36492.exe
        7⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61144.exe
        7⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56780.exe
        7⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        7⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        6⤵
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3173.exe
        6⤵
        
        PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        6⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        6⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        6⤵
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        5⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63243.exe
        5⤵
        
        PID:18604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
      4⤵
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        5⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
        6⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41461.exe
        7⤵
        
        PID:13104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        7⤵
        
        PID:17628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39561.exe
        7⤵
        
        PID:19372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65367.exe
        6⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        6⤵
        
        PID:18180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
        5⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        6⤵
        
        PID:18060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        6⤵
        
        PID:17996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
        5⤵
        
        PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
        5⤵
        
        PID:15004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
        5⤵
        
        PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
      4⤵
      PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        5⤵
        
        PID:17364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        5⤵
        
        PID:19384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27619.exe
      4⤵
      PID:9796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
      4⤵
      PID:14040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-145.exe
      4⤵
      PID:18924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
        7⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        8⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        8⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
        8⤵
        
        PID:18160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46177.exe
        8⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        7⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
        7⤵
        
        PID:18032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
        7⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
        6⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        7⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60993.exe
        7⤵
        
        PID:14708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17702.exe
        6⤵
        
        PID:10780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        6⤵
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        6⤵
        
        PID:18788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59719.exe
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        7⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61579.exe
        7⤵
        
        PID:17208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        7⤵
        
        PID:18088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
        6⤵
        
        PID:9872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
        6⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        5⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
        6⤵
        
        PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
        5⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        5⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
        5⤵
        
        PID:17524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60191.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50368.exe
        6⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        7⤵
        
        PID:15080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
        7⤵
        
        PID:19232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
        6⤵
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34092.exe
        6⤵
        
        PID:15548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        6⤵
        
        PID:18800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32473.exe
        5⤵
        
        PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        5⤵
        
        PID:12592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        5⤵
        
        PID:15760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55254.exe
        5⤵
        
        PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39630.exe
      4⤵
      PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2283.exe
        5⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
        6⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
        6⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41046.exe
        6⤵
        
        PID:17848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36340.exe
        6⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        5⤵
        
        PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
        5⤵
        
        PID:13756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        5⤵
        
        PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49439.exe
      4⤵
      PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3168.exe
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60542.exe
        5⤵
        
        PID:18728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
      4⤵
      PID:12096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe
      4⤵
      PID:16252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
      4⤵
      PID:6276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16417.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50207.exe
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48640.exe
        5⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        6⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
        6⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42251.exe
        6⤵
        
        PID:16284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
        6⤵
        
        PID:19172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45983.exe
        5⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
        5⤵
        
        PID:12428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8042.exe
        5⤵
        
        PID:16888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
        5⤵
        
        PID:18532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51062.exe
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
        5⤵
        
        PID:9420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        5⤵
        
        PID:13752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        5⤵
        
        PID:18436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40952.exe
      4⤵
      PID:8568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
      4⤵
      PID:14316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
      4⤵
      PID:19052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26507.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
      4⤵
      PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
        6⤵
        
        PID:14876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
        6⤵
        
        PID:18632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exe
        5⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
        5⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        5⤵
        
        PID:540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51550.exe
      4⤵
      PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15737.exe
        5⤵
        
        PID:17840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24336.exe
      4⤵
      PID:11892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
      4⤵
      PID:16040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62486.exe
    3⤵
    PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14343.exe
      4⤵
      PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
        5⤵
        
        PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        5⤵
        
        PID:15040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
        5⤵
        
        PID:19092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
      4⤵
      PID:11280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13479.exe
      4⤵
      PID:15656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
      4⤵
      PID:20280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
    3⤵
    PID:7836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
    3⤵
    PID:11884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6403.exe
    3⤵
    PID:16800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13557.exe
    3⤵
    PID:4328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55412.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        6⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23368.exe
        7⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
        8⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        9⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        9⤵
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10449.exe
        9⤵
        
        PID:19164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        8⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57243.exe
        8⤵
        
        PID:16824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64245.exe
        8⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
        7⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39520.exe
        7⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        7⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48427.exe
        6⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37814.exe
        7⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        7⤵
        
        PID:16360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        7⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43575.exe
        6⤵
        
        PID:8952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        6⤵
        
        PID:12316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57044.exe
        6⤵
        
        PID:16904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        6⤵
        
        PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
        5⤵
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
        7⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
        8⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
        8⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        8⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23271.exe
        7⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
        7⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        7⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        7⤵
        
        PID:18912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        6⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        7⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51632.exe
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        7⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
        6⤵
        
        PID:10972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38368.exe
        6⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        6⤵
        
        PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46594.exe
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
        6⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        6⤵
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        6⤵
        
        PID:17340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        6⤵
        
        PID:19000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63728.exe
        5⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
        5⤵
        
        PID:13396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52140.exe
        5⤵
        
        PID:17872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5672.exe
        5⤵
        
        PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
        5⤵
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        7⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        7⤵
        
        PID:16848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
        7⤵
        
        PID:19084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5835.exe
        6⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46623.exe
        6⤵
        
        PID:12924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        6⤵
        
        PID:16096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1784.exe
        6⤵
        
        PID:19148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44343.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        6⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
        7⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51928.exe
        7⤵
        
        PID:17160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
        7⤵
        
        PID:19060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        6⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        6⤵
        
        PID:17216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        6⤵
        
        PID:18780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50538.exe
        5⤵
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11071.exe
        5⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
        5⤵
        
        PID:15764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
        5⤵
        
        PID:17988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5841.exe
      4⤵
      PID:4704
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 488
        5⤵
        Program crash
        
        PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe
      4⤵
      PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56697.exe
        5⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2239.exe
        5⤵
        
        PID:15496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        5⤵
        
        PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
      4⤵
      PID:10812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
      4⤵
      PID:13624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
      4⤵
      PID:18884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51883.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51883.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        7⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        7⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
        7⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        7⤵
        
        PID:18464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36802.exe
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        6⤵
        
        PID:13724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21045.exe
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
        6⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14299.exe
        6⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41341.exe
        6⤵
        
        PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55507.exe
        5⤵
        
        PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27320.exe
        5⤵
        
        PID:14328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10137.exe
        5⤵
        
        PID:18040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21234.exe
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        5⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36492.exe
        6⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        7⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        7⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe
        7⤵
        
        PID:19488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
        6⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
        6⤵
        
        PID:15296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        6⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
        5⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24090.exe
        5⤵
        
        PID:12180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        5⤵
        
        PID:12768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
        5⤵
        
        PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37378.exe
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        5⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        5⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        5⤵
        
        PID:16852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
      4⤵
      PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
      4⤵
      PID:14688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
      4⤵
      PID:5516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
      4⤵
      PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64452.exe
        6⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        7⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        7⤵
        
        PID:16488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        7⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        6⤵
        
        PID:12728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12728 -s 464
        7⤵
        Program crash
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
        6⤵
        
        PID:16524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        6⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
        5⤵
        
        PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
        5⤵
        
        PID:12536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
        5⤵
        
        PID:17112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
        5⤵
        
        PID:19068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
      4⤵
      PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59695.exe
        5⤵
        
        PID:11592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
        5⤵
        
        PID:16856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
        5⤵
        
        PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11542.exe
      4⤵
      PID:9772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
      4⤵
      PID:14396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
    3⤵
    PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4291.exe
      4⤵
      PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        5⤵
        
        PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
        5⤵
        
        PID:10620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56780.exe
        5⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        5⤵
        
        PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19122.exe
      4⤵
      PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20289.exe
        5⤵
        
        PID:16472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        5⤵
        
        PID:18836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exe
      4⤵
      PID:12236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53080.exe
      4⤵
      PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48097.exe
      4⤵
      PID:2408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
    3⤵
    PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
      4⤵
      PID:11140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
      4⤵
      PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
      4⤵
      PID:844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
    3⤵
    PID:9860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40565.exe
    3⤵
    PID:14276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37093.exe
    3⤵
    PID:4000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53263.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53263.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13471.exe
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55301.exe
        7⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        7⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29280.exe
        7⤵
        
        PID:19360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        6⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
        6⤵
        
        PID:15016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1784.exe
        6⤵
        
        PID:19180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        5⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        5⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
        5⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12070.exe
        5⤵
        
        PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14026.exe
      4⤵
      PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe
        5⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        6⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        6⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
        6⤵
        
        PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        5⤵
        
        PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
        5⤵
        
        PID:15256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        5⤵
        
        PID:18128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47658.exe
      4⤵
      PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9504.exe
        5⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49520.exe
        5⤵
        
        PID:14356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28068.exe
        5⤵
        
        PID:17796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
      4⤵
      PID:11080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9474.exe
      4⤵
      PID:13332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
      4⤵
      PID:18648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2822.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37540.exe
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        6⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        6⤵
        
        PID:16960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
        6⤵
        
        PID:19112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29135.exe
        5⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        5⤵
        
        PID:13776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
        5⤵
        
        PID:17872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
      4⤵
      PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59695.exe
        5⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
        5⤵
        
        PID:16704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        5⤵
        
        PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40131.exe
      4⤵
      PID:9936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
      4⤵
      PID:14128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56350.exe
    3⤵
    PID:5884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
        5⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        5⤵
        
        PID:13520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7065.exe
        5⤵
        
        PID:18580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
      4⤵
      PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
      4⤵
      PID:14168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
      4⤵
      PID:1204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15614.exe
    3⤵
    PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14201.exe
      4⤵
      PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
      4⤵
      PID:17608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
    3⤵
    PID:10760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
    3⤵
    PID:15440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
    3⤵
    PID:4656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
    3⤵
    PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
      4⤵
      PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        5⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28087.exe
        5⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        5⤵
        
        PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
      4⤵
      PID:9888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
      4⤵
      PID:14184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
      4⤵
      PID:17704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48898.exe
    3⤵
    PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
      4⤵
      PID:924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
      4⤵
      PID:15028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
      4⤵
      PID:18224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
    3⤵
    PID:9812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
    3⤵
    PID:14264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
    3⤵
    PID:1252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
    3⤵
    PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        5⤵
        
        PID:11564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7142.exe
        5⤵
        
        PID:16728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
        5⤵
        
        PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56520.exe
      4⤵
      PID:10836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe
      4⤵
      PID:14364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
      4⤵
      PID:19288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17586.exe
    3⤵
    PID:7436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
      4⤵
      PID:12804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
    3⤵
    PID:11928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63832.exe
    3⤵
    PID:16016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64434.exe
    3⤵
    PID:18496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
  2⤵
  PID:5500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35148.exe
    3⤵
    PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
      4⤵
      PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
      4⤵
      PID:13144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
      4⤵
      PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
      4⤵
      PID:14712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29135.exe
    3⤵
    PID:9704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
    3⤵
    PID:13708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
    3⤵
    PID:18148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64890.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64890.exe
  2⤵
  PID:7496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
    3⤵
    PID:10508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10599.exe
    3⤵
    PID:15372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
    3⤵
    PID:4932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
  2⤵
  PID:11828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
  2⤵
  PID:15936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
  2⤵
  PID:19496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4704 -ip 4704
1⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5548 -ip 5548
1⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6704 -ip 6704
1⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 12728 -ip 12728
1⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 12752 -ip 12752
1⤵
PID:12380

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:5132

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:20384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10390.exe

Filesize
184KB

MD5
6b3c7ef223deebd23bf008be133ed52b

SHA1
cad25662b6ab123b0c0dbd7510425d4f4e4ff1a5

SHA256
9b4676375ade8e5bb6a123acd2e252a90bb7b9579bdc7d99d045a485ffae9a9b

SHA512
24677ad6f7a8a56d9ad10ce60efc93326a115a77da15af1850e3bf79c33bd9ce078dffb48a25d7714b4bff00132af4115094585499afaebe857125733451f351

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe

Filesize
184KB

MD5
c1a41357387831415a2ebe1b22637881

SHA1
000a5aa6a6bea39eb569ec5f3cee95286620d0ee

SHA256
f51b047c56cabe9ecb8605ac592234634f51ba5fe63d1bdfe0a90867f4c2ab42

SHA512
e56fdd79c03cbf620fb1c3146b421c2cea75b187a7c8b3be5297e9b9622d8ce862467158609a078ebfa45a1bc4724332a0b7b92cd1250aabe79eb2626b1ac911

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11602.exe

Filesize
184KB

MD5
d2318bc6f90e5d6e02bdbac515d710f0

SHA1
3b8392502bf19533f8afc6e8d8b530bc2d59eeb0

SHA256
e4d2fcfcd936ca3c0a4247d06828070ed9bd9353f4b4954af7c972b19b94c917

SHA512
672868e9dc341dcf753dd77d7faf1199c3315b59283d5017561af04282e1c689a4b711c1504e13bd00eab24187a26f7f6bb3a4f080c108740385fee103e74cc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14379.exe

Filesize
184KB

MD5
40de2341733de7d67d633ed0dbae017d

SHA1
1e7eb9721874bf0344590f4ce2cadeb813d6153d

SHA256
ec2d52449a71844d61972b8bd3ce6d0343982ba7a096806fd54e0a782ead976a

SHA512
f1cce5dbf840ada6bb041e3fcda3ce34c29c3c375b6aedee5306eced0efdcb9936ed69b0c11e9c05940d8d1bed4ee49310fe26ee555117be7a545f300a3bc293

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16417.exe

Filesize
184KB

MD5
7481493d5614534b51dee9134ea3e96f

SHA1
84c10a434f3f8c2215a8804cc116407dfdfb6e7e

SHA256
afa7f417a004deb18fc9167586cf47e23d882cb0f90ec379741e7caeaa4bb3a3

SHA512
0e255a414c39ee9d9d31407c101a27a4c43ae5f0ef975aa7e44bedebaf2f5cbf90e20cc84f862572579b6445f43efe5d67fc422ae468ddfc1187bf477b26a1a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16772.exe

Filesize
184KB

MD5
3b672c1e6a196bd8547cec700e50037d

SHA1
750388988d3e2d9215af531d558d61526df456e0

SHA256
993efbccd67c79e09d379083b2f486c548038a4dd4da1d89f47682bc14908397

SHA512
79c5015beae3c27bbbd2cc8ebb3f109b1168a5072b3636b97a36aa62c86bc836b6831b9698dbff947b8c529ea9699406b906394f4014dff13ed9cb5050f11f96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19018.exe

Filesize
184KB

MD5
b2be37ea50863346ae383a4a91a65c71

SHA1
d84ebd984c6d933c85e0878fd41399bb9c80bc0b

SHA256
f8e1d384166ff8291387a132bc5a2956203b3a32444d00530a0f8e44e325e358

SHA512
279732259d516f921e56d84ae893827d3fa205d7584262422359be554bb4ecd9a2924b11ed5fa0ee2b08c4897f480c03a192c02c53f7787bb84e53187a16c61e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe

Filesize
184KB

MD5
a5e6db71e271210112205bcb31bf66d3

SHA1
82363a6e256d221a06c59aa190401c8e27dff945

SHA256
dca2ac92f1e74e1131aa7c46ea20727a6ad14c02a447c88a8fadd62f4ffb113c

SHA512
9f9dd243a53bd63b49c1c453d317c7058bed484329b6fc4dc5bec3ca4a58a9bd02d1b51c36531765a7489bb3ed79d6d96e6a61f5348a69827b884e476114e90e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23300.exe

Filesize
184KB

MD5
d1bdbc547329cf5d963ee67a6aad8f42

SHA1
d7c37a84b53e5482ab1b399224805222e12f1038

SHA256
f27a70da080caed6e1101aa68923e8886fee7dde06ce3abd7b8d39d1c7472e60

SHA512
ff457e8a4fcd516a87c28b05836854ec1eae862eb3438d8f63b42c73fd5b44201cbac622929d939128f613989660817f98b5840fe80492ef26fb66bd05c4b70f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe

Filesize
184KB

MD5
e40cd75466d14517bb5d7b6ca0eb2cc0

SHA1
b0d2f4449668395775475f4bea7a4bf62e83e1b0

SHA256
abe9113687453ff70cb8d8d0f10f05c2144be19cb098b82f4db527f5d3d83a32

SHA512
57bfe2e77435cdd0df617ba3a1634d909599c6d39fe39d4bc0619848e058bcaf10e36dae471e46ba19216ec6e8ce463cbfbce138179a687db7dcdfa3d8c8dafe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe

Filesize
184KB

MD5
f54ff511239ee1c077749911d9ec39a6

SHA1
a323ed53fac09508d2be391b5c9ccfae850d178f

SHA256
91697fc994a7dccf919f77390ff8a3e00d51372eb9221cd5125940063b784431

SHA512
c8b6ddbf89b25fd4e0ee06cea67f780eb84377b1741359e52827d59b87f1dcec5229b6ac8bfcb4910e0aea682e4d37ca3e063207adf97c70d6dc2e55392dea9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2822.exe

Filesize
184KB

MD5
389c623bf00f1b25adb1ac88b3761414

SHA1
2332f6f2cf9230312d6c392ca3137a765cf9dad6

SHA256
b898758cd22a594380a8163dea90775aa0608e87e3d84924ab5ba661ddc757f6

SHA512
0d08e46230f7f17619c97b5e5e9da602b8db18e814662da92e730066334428167ea154fa3dc9b06cbafe17baca94bba55d2dce1a534db3492289dc7d6b092bed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe

Filesize
184KB

MD5
98096e85e1c39d754bd5e8be5a0a98e8

SHA1
c3ae3e56259c4993ab7f390fc31d1b55374d280d

SHA256
b95c0110c2c3ed0cbb4558bc69e8588ffcb639e66e3818f38c71dd9f63768eee

SHA512
77e17259442a5a23f2ff3a60d74663cb7c2aa42646157f2ca5c6077333067664b291050dd19b7b85f68f319363b9e077afc695ab89e0138960d2ccb13cec7fa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe

Filesize
184KB

MD5
4ba6a8612b73e4b9907b132f379fdbaa

SHA1
9f735679b1a1d473673ba13d44e298a018694528

SHA256
f18f29081cf134593aa602a07b4fe15d1603e250a8ab59fba057521a7bd948f8

SHA512
8dec604425c9979767d472277f83b1aa81f942d165277715b65eaeb6a1ac329a0cffcb7b0a8defc2f9d983bccf9c2e6f2df467977894ebe8b1dac96596d2f949

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30451.exe

Filesize
184KB

MD5
f20ea939b121d53cb22cd574c7d6f181

SHA1
b5e2eb01f16022a814b51c30bc8b0876548e9b8a

SHA256
1d3c6e40a0b85e53796f0e1e8cbdb2f560055e763541d88724b0a02a59fa01d0

SHA512
fcf13232ad441d92ab4f22ab015e7f28c9700f57b1c7642e32d1ad2cc6cbd024010d2e5729ca2f9f056542c5657219e3a7daabc21f6b4aadb5ee9566d4e9bfd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe

Filesize
184KB

MD5
51a416adfaafed8e437a2f796cee63ae

SHA1
4713a16280870e4f09a54c1a0b5d9f56d643a82e

SHA256
3fddf13118d18242d694ca570c6468db7b84d30c64f85a64e2420900594a4c5a

SHA512
f6081227b34d16d119980c61e44a06a0475485442cbfd190ddd566519e384c4d42afdd35abc2294fc1f05bb240fad28ebd4844cb00123fe67eba286a201694f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31846.exe

Filesize
184KB

MD5
e6ba533676a7713ef33c96c16a5118c4

SHA1
c21fa37595d7c1824d567d6012709a6a5f441c62

SHA256
461bc4dea6de4b046967c7bcc42f27da59b2371742c603e49436ecd7563194ff

SHA512
f82b2d27be41140b1d01aa1a95b1836b1b420f73cb7178f53592dedac6e27ec0637c9fef960c973fce1c51db2826c7ebca828d7dab49d93c19e4c1575fc95fcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33108.exe

Filesize
184KB

MD5
d82187a1a9a3cfe274fdcc2410779fb7

SHA1
331a45b3e840040350ada282e9adec96238abc7e

SHA256
b00acc5b243c81eaf3a2fee04c0d8816b84d9e17ef4c7a6f1eaff97275914bbc

SHA512
5a55d735676755a2858906d3d90baf9f9655ca9f65efe57afcc284b575a325e561fdc3836baedf8761ba560c967fd457dc2f75a59ede55477439c02beea68c3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35376.exe

Filesize
184KB

MD5
0168a3a0e56140a9b28c4527a70ec1c9

SHA1
4bd36d24756a9822936006bf3ac893a4623a5107

SHA256
f87e80ba794e0d1ebf2cebbf6eaf27c387848fd65549caf1134dc233a002fc0c

SHA512
25c1c51d7338f003ad3428d31a7fa968c9eb767340ebe5d0e89b20cd7413e337dfe4ace4a8851f8d00bf6eaf9c3c8fa1d94eed4a8b2df0270c698fadf71f74f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe

Filesize
184KB

MD5
38b2efa8663fba8e607692210985dc8a

SHA1
bd6b12fcb6e3883c35dad425c2c93210547dc5f5

SHA256
052a0f32bd8c9882fdeb14e390385b961b7c01e81b7faa311d36e9db6f9a8877

SHA512
7926677ee1c1a2e310cdc38ad3e75131cbb2445c4b255dcedcdb2c5db297bf647a43a8c2547c0e24e02ba6f0edf4a318dbaa321dbf4639f300196758a21f4cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe

Filesize
184KB

MD5
25f18bb5d91e3033444cc94d245ff214

SHA1
55ab0b9fbda033e6257b46445ba600dc36fbbce4

SHA256
51edbac241a35da6d3e7950f04ebfb5e56f5aeaa6d10b03324c503fb2831df18

SHA512
61fff6df24a974a9e6f0bce261e1e40259135f6b1bc655971a3651ca7925b922c581d639d49086bb62d617834ceb437a25516940f455d8d92c8aa3b078a86f6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47799.exe

Filesize
184KB

MD5
fe478f1ff6383dfef2e6b994157cb21b

SHA1
f0a686db622e8cac9fb633e6be014bb0d9866e47

SHA256
dc34f2cf438bc3dbd7d05ea1364285f123e18f4931a3c7456b957b235e61acef

SHA512
5031a707fe684dc4b4fcb3db2fb871023cc3aa0ff69cba04f1a902114d47048bbed3b5cceb43e13e2d9f44e4ec7412741012f918e5e5c50fb4a4bd2835a8e59b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe

Filesize
184KB

MD5
d2d4d0183e2f84deece3c0d4f80dc55b

SHA1
f715c920146caa7c0c51c1dd3b384d0012312bb2

SHA256
d6b6ea212fba19cbae92e3e72b76a43f9b5f5aa26433a9890dc169e4e497b8b3

SHA512
4fb7c4ee1717aacecef471631c8bbc325382fa9659d86799b5e200bb6f6fe9118260df67a30d068e2a61baaf8b9a2cd3dbe82c631eb2370573a7906a2d49f9c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe

Filesize
184KB

MD5
fd18b65670c374f9bd88efc4284bd6f8

SHA1
2d5eb141995ca6fb21b3d6280f595aa3e608cdc2

SHA256
0939ec9c648c434f88db0f4445602bd5321d9fbb582efeefbed790a290075c29

SHA512
5896f85b466aace233cabbab08ba10944d2b7883cb4530a441270f1c4b7eedd825d79d38826372580a6a1222642555bfbc44cced1cd5231beb511c296ea07dc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe

Filesize
184KB

MD5
d23d1bed28657d3b88d93f6320ba36b5

SHA1
dcb832e3c37761cf93b72fab1c6ffef751c0c026

SHA256
e5576d24952db89935604abf11884e554eb99f620e744cdf12e46efc1a3a60fb

SHA512
cf7555530907481eb7a3cf42181d4c5001434545402b6dd4d988f4ab857886c49be7c0e52b1a3f3079e4887a11d6e0ca09549aacde4c132c6485a698aa82b2a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe

Filesize
184KB

MD5
96693554f376ddf0cf57ae2567c3812f

SHA1
9656ccb10b59c4d0d7ff7019226b47fcb5078435

SHA256
d613566153b7058190976bf3bb2a75d69007e6ee3c2ae839f16a9cf8126218d2

SHA512
b75e2cda48770cf0ee7cb57e3facf31c7e1b96174216ecb39ebe8d62a4cb47f3c1406b86604dfe97cbcfaccf0d4fec6ce4dd9e1eef128fbcf61b79f391da60e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51883.exe

Filesize
184KB

MD5
50c0e3c4f4b480dcf36f14f672a416c9

SHA1
932bc235e824dd69977dbdd4f5c7015d97ed1d48

SHA256
cb99b380adcd3ac6823a75c8dc2a8935f822cf8d3e6b5249a0836750a5c70c21

SHA512
15c0e9fd55dbe9521d0e8e0395536a530841f0b3e83c08edaeaaa85c86d0aed10bffc631c57f6fdb3e45cf1d24ea3d85e77bb08071243ebf4222df977e600499

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53263.exe

Filesize
184KB

MD5
e6f435ac9c2fe05e62e02e6b842433e9

SHA1
0f4e1c6187f0cfddb65d09f8e4eed3b6855f7933

SHA256
2369fc7cd78e2f3159309b649bc366ccaf277d734f5ae90f76936be414bbe266

SHA512
3b355558603ee15f344ee28b24f4ed5263933b1e7f9f837284b539147ac2140ceeee6d5b7d595b8a7475feffbef07eedd5b35de47e62c54a4512dd4c9934b384

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53860.exe

Filesize
184KB

MD5
27d13f8bd1231a3a4fe370365547f5cc

SHA1
e09a7c98cf38f8fcad2bbdbcccdfd7984eaa10d6

SHA256
a9ddcae1b54103012db46637d9a892218abaa8131541441e2c49bc767030f984

SHA512
e4ca9e6b4f51ef47b8dfd5b6183b21086f5adb5dd383fdcd286e8f8b01b18b2d4b6ced1ddc9669aeaf94407dcf31bd8794cd1b4346e803a85a14b14794c2ab82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55412.exe

Filesize
184KB

MD5
89ce5acfcdaeefe3bd553ea13f2cea5e

SHA1
56eadc549c5bcde97102fdfa81d03d7eb3eef368

SHA256
09b81eadea1dc050114f30376af75b621fc98a31d644aa9cd3bb0144c4703aaf

SHA512
49ba58f6b6cd711b497f2a4b3835d558a366ee88f9247887a799cb2e3beda7f2b47311106bd40070f703c03209bff042a4a2b3ec38e61d9bbfcd0b52d9671cf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe

Filesize
184KB

MD5
dac16285d7a50276dc4b85a29bd55fde

SHA1
6956a07abfe60e0f3b730b1ffe4b9a353aaf714d

SHA256
69531cd2415d6379cfd6f873ef174598e113abba9fc5d0317e974586637c7baf

SHA512
cdd79740f0131eb055b5472f8b7a9109ba3c90b09fb386564d8517f794a165ffc80247802fa13b9c0b57487d14c058eb8f72565319578489479cbb067c611d86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe

Filesize
184KB

MD5
bbb62ca62767afc511c60933f8b9fc6d

SHA1
0235bd825e5e36d71d6fae8b26733459c2b0d477

SHA256
eb5ab22cf44bf7e391d172f7c100a5cca62befcaae375f9636913c6909d70905

SHA512
7e9b3531e9f7866199a1d547e6084ccb2efbeefba99669459ded18a552801398df6b0a1000ed8fc67591fae04f2e8b70f1b43e351011c0cc91de242f33bafba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe

Filesize
184KB

MD5
26a9e94c7d297da4d18867cbf5c7591a

SHA1
aff3b59034ff06e56384ea32865974337afe55d4

SHA256
0a09c5a97ccaa8f43969343743f5034bd415b19003e344ffdf6532680e230869

SHA512
cee7b4c85f049f4fc9ce408791641386c1177ad588e1b33815c06f235b4b0bce17f9e33dc5009c14e74bfda42666d78837a4fd7b3a28262684480dfb5e6bcaa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63580.exe

Filesize
184KB

MD5
f3a26b1246471ca40625422835ecef92

SHA1
165b1353664e76e6ae0685a1f8a7f1f96a60ada9

SHA256
6a66522b62d4eed7a3b0ccba5f928c5db28c30b5c523bc3a36f38b9fd2235e52

SHA512
89c32034fb266de68afbb1c03eddbe96c2a6d124dfcd9b55901802d4b2613a0880508e951b8932472049811e436158b8eacfa11d501dd7993d9f90af5750f23a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe

Filesize
184KB

MD5
8ff059b04e74de6bb52908bb190c8d60

SHA1
7f6a03bd148029892e67f4519ab27258f4a1e543

SHA256
dcca0867d659d4bff9ce78a32dcd055521366f1c3f9faa56b01f1b6982fda6fc

SHA512
1e3f0e6d5b970f6beaad07a3664148929882d3a8ce2d0195193bb4a19fb334b608a6b00e71f9ee3b1f6734717feebe5e3922960bb6a68864b1c6561322cf0011

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8012.exe

Filesize
184KB

MD5
d5b65345707820e2202c9262504fe44b

SHA1
b8fb5e193919ff8ed9d3d6232e804b24385b3ab5

SHA256
9e67a53737eb79430c194c53e7849d5ce6018080079e00c51ad6d9af5a029bc8

SHA512
418349e5d5fb1a24035a050e34e01a4fee5baa1f1cacec03b85aedcc0086a11029f95de6f7851386b7f23e2c24faf2c9266ffa332cf7ec5745a4cb8d6a441429

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads