b683c2e6cf7aeeb4bf1e4ac651e5ffbf120a86064c9faf38b023f8b800f0b3f8

Analysis

max time kernel
142s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 11:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d44a5c3d781375cccc1988576f05d200_NeikiAnalytics.exe
Size

192KB
MD5

d44a5c3d781375cccc1988576f05d200
SHA1

cf5ca50d307bbe2bc842262c01de1954297e003f
SHA256

b683c2e6cf7aeeb4bf1e4ac651e5ffbf120a86064c9faf38b023f8b800f0b3f8
SHA512

27608c14e9f5b60fd55b934f7527abeb6fd16daa12f7c5d3585360ca1881cb99afdbae739f97c1e40a32ab93c20810232fa58c7b89c02ef5541d6be2276108fa
SSDEEP

3072:6FwconCCOniKSYg4dXdD686XNZN6tyLiui0xScPHfqwPvpFK:6FDomiKSCdtD6842tCqwPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2392	Unicorn-30136.exe
2004	Unicorn-8620.exe
2284	Unicorn-62460.exe
2708	Unicorn-33124.exe
1928	Unicorn-48906.exe
2628	Unicorn-61158.exe
2676	Unicorn-52964.exe
2552	Unicorn-3763.exe
2576	Unicorn-49435.exe
1528	Unicorn-28460.exe
1732	Unicorn-8594.exe
1932	Unicorn-19545.exe
2748	Unicorn-20099.exe
856	Unicorn-29057.exe
2920	Unicorn-45393.exe
3028	Unicorn-53369.exe
2092	Unicorn-4168.exe
596	Unicorn-58008.exe
992	Unicorn-831.exe
2296	Unicorn-63758.exe
2484	Unicorn-4204.exe
2104	Unicorn-28154.exe
1956	Unicorn-60826.exe
1364	Unicorn-64910.exe
1304	Unicorn-11988.exe
2032	Unicorn-16072.exe
380	Unicorn-48382.exe
2504	Unicorn-48937.exe
2968	Unicorn-7157.exe
2028	Unicorn-3265.exe
1508	Unicorn-11796.exe
1608	Unicorn-31527.exe
2192	Unicorn-23913.exe
1196	Unicorn-60307.exe
2272	Unicorn-19275.exe
1664	Unicorn-19637.exe
2940	Unicorn-35227.exe
2540	Unicorn-57463.exe
2884	Unicorn-15876.exe
2668	Unicorn-16430.exe
2772	Unicorn-40742.exe
2556	Unicorn-64692.exe
2808	Unicorn-16238.exe
2052	Unicorn-4643.exe
1028	Unicorn-9474.exe
1620	Unicorn-33424.exe
2308	Unicorn-8535.exe
2288	Unicorn-12619.exe
2836	Unicorn-37316.exe
2768	Unicorn-58099.exe
2904	Unicorn-56449.exe
1976	Unicorn-64788.exe
2336	Unicorn-51981.exe
1740	Unicorn-59957.exe
2844	Unicorn-12655.exe
2472	Unicorn-15993.exe
760	Unicorn-28991.exe
1572	Unicorn-7824.exe
612	Unicorn-15801.exe
620	Unicorn-40305.exe
3060	Unicorn-49028.exe
1804	Unicorn-45541.exe
2080	Unicorn-45541.exe
892	Unicorn-9147.exe

Loads dropped DLL 64 IoCs

pid	Process
2248	d44a5c3d781375cccc1988576f05d200_NeikiAnalytics.exe
2248	d44a5c3d781375cccc1988576f05d200_NeikiAnalytics.exe
2392	Unicorn-30136.exe
2392	Unicorn-30136.exe
2248	d44a5c3d781375cccc1988576f05d200_NeikiAnalytics.exe
2248	d44a5c3d781375cccc1988576f05d200_NeikiAnalytics.exe
2004	Unicorn-8620.exe
2392	Unicorn-30136.exe
2392	Unicorn-30136.exe
2004	Unicorn-8620.exe
2284	Unicorn-62460.exe
2284	Unicorn-62460.exe
1928	Unicorn-48906.exe
1928	Unicorn-48906.exe
2004	Unicorn-8620.exe
2708	Unicorn-33124.exe
2708	Unicorn-33124.exe
2004	Unicorn-8620.exe
2284	Unicorn-62460.exe
2628	Unicorn-61158.exe
2284	Unicorn-62460.exe
2628	Unicorn-61158.exe
2676	Unicorn-52964.exe
2676	Unicorn-52964.exe
1928	Unicorn-48906.exe
1928	Unicorn-48906.exe
1732	Unicorn-8594.exe
1732	Unicorn-8594.exe
2576	Unicorn-49435.exe
2576	Unicorn-49435.exe
1528	Unicorn-28460.exe
1528	Unicorn-28460.exe
2552	Unicorn-3763.exe
2552	Unicorn-3763.exe
2628	Unicorn-61158.exe
2628	Unicorn-61158.exe
2708	Unicorn-33124.exe
2708	Unicorn-33124.exe
1932	Unicorn-19545.exe
1932	Unicorn-19545.exe
2676	Unicorn-52964.exe
2676	Unicorn-52964.exe
2748	Unicorn-20099.exe
2748	Unicorn-20099.exe
856	Unicorn-29057.exe
856	Unicorn-29057.exe
2920	Unicorn-45393.exe
2920	Unicorn-45393.exe
1732	Unicorn-8594.exe
1732	Unicorn-8594.exe
2576	Unicorn-49435.exe
2576	Unicorn-49435.exe
2092	Unicorn-4168.exe
2092	Unicorn-4168.exe
2552	Unicorn-3763.exe
2552	Unicorn-3763.exe
3028	Unicorn-53369.exe
596	Unicorn-58008.exe
596	Unicorn-58008.exe
3028	Unicorn-53369.exe
1528	Unicorn-28460.exe
1528	Unicorn-28460.exe
2296	Unicorn-63758.exe
2296	Unicorn-63758.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
1956	1812	WerFault.exe	158
2404	2744	WerFault.exe	247
2308	2716	WerFault.exe	219
768	1332	WerFault.exe	248
3060	2776	WerFault.exe	258
2600	1256	WerFault.exe	365
2180	2520	WerFault.exe	428

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2248	d44a5c3d781375cccc1988576f05d200_NeikiAnalytics.exe
2392	Unicorn-30136.exe
2004	Unicorn-8620.exe
2284	Unicorn-62460.exe
1928	Unicorn-48906.exe
2708	Unicorn-33124.exe
2628	Unicorn-61158.exe
2676	Unicorn-52964.exe
2576	Unicorn-49435.exe
2552	Unicorn-3763.exe
1732	Unicorn-8594.exe
1528	Unicorn-28460.exe
1932	Unicorn-19545.exe
2748	Unicorn-20099.exe
856	Unicorn-29057.exe
2920	Unicorn-45393.exe
3028	Unicorn-53369.exe
2092	Unicorn-4168.exe
596	Unicorn-58008.exe
992	Unicorn-831.exe
2296	Unicorn-63758.exe
2484	Unicorn-4204.exe
2104	Unicorn-28154.exe
1956	Unicorn-60826.exe
1364	Unicorn-64910.exe
1304	Unicorn-11988.exe
2032	Unicorn-16072.exe
380	Unicorn-48382.exe
2968	Unicorn-7157.exe
2504	Unicorn-48937.exe
2028	Unicorn-3265.exe
1508	Unicorn-11796.exe
1608	Unicorn-31527.exe
2192	Unicorn-23913.exe
1196	Unicorn-60307.exe
2272	Unicorn-19275.exe
1664	Unicorn-19637.exe
2940	Unicorn-35227.exe
2884	Unicorn-15876.exe
2540	Unicorn-57463.exe
2668	Unicorn-16430.exe
2772	Unicorn-40742.exe
2556	Unicorn-64692.exe
2808	Unicorn-16238.exe
2052	Unicorn-4643.exe
1620	Unicorn-33424.exe
1028	Unicorn-9474.exe
2288	Unicorn-12619.exe
2308	Unicorn-8535.exe
2836	Unicorn-37316.exe
2768	Unicorn-58099.exe
2904	Unicorn-56449.exe
1976	Unicorn-64788.exe
2336	Unicorn-51981.exe
1740	Unicorn-59957.exe
2844	Unicorn-12655.exe
2472	Unicorn-15993.exe
760	Unicorn-28991.exe
1572	Unicorn-7824.exe
620	Unicorn-40305.exe
612	Unicorn-15801.exe
3060	Unicorn-49028.exe
2080	Unicorn-45541.exe
1804	Unicorn-45541.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2392	2248	d44a5c3d781375cccc1988576f05d200_NeikiAnalytics.exe	28
PID 2248 wrote to memory of 2392	2248	d44a5c3d781375cccc1988576f05d200_NeikiAnalytics.exe	28
PID 2248 wrote to memory of 2392	2248	d44a5c3d781375cccc1988576f05d200_NeikiAnalytics.exe	28
PID 2248 wrote to memory of 2392	2248	d44a5c3d781375cccc1988576f05d200_NeikiAnalytics.exe	28
PID 2392 wrote to memory of 2004	2392	Unicorn-30136.exe	29
PID 2392 wrote to memory of 2004	2392	Unicorn-30136.exe	29
PID 2392 wrote to memory of 2004	2392	Unicorn-30136.exe	29
PID 2392 wrote to memory of 2004	2392	Unicorn-30136.exe	29
PID 2248 wrote to memory of 2284	2248	d44a5c3d781375cccc1988576f05d200_NeikiAnalytics.exe	30
PID 2248 wrote to memory of 2284	2248	d44a5c3d781375cccc1988576f05d200_NeikiAnalytics.exe	30
PID 2248 wrote to memory of 2284	2248	d44a5c3d781375cccc1988576f05d200_NeikiAnalytics.exe	30
PID 2248 wrote to memory of 2284	2248	d44a5c3d781375cccc1988576f05d200_NeikiAnalytics.exe	30
PID 2392 wrote to memory of 2708	2392	Unicorn-30136.exe	32
PID 2392 wrote to memory of 2708	2392	Unicorn-30136.exe	32
PID 2392 wrote to memory of 2708	2392	Unicorn-30136.exe	32
PID 2392 wrote to memory of 2708	2392	Unicorn-30136.exe	32
PID 2004 wrote to memory of 1928	2004	Unicorn-8620.exe	31
PID 2004 wrote to memory of 1928	2004	Unicorn-8620.exe	31
PID 2004 wrote to memory of 1928	2004	Unicorn-8620.exe	31
PID 2004 wrote to memory of 1928	2004	Unicorn-8620.exe	31
PID 2284 wrote to memory of 2628	2284	Unicorn-62460.exe	33
PID 2284 wrote to memory of 2628	2284	Unicorn-62460.exe	33
PID 2284 wrote to memory of 2628	2284	Unicorn-62460.exe	33
PID 2284 wrote to memory of 2628	2284	Unicorn-62460.exe	33
PID 1928 wrote to memory of 2676	1928	Unicorn-48906.exe	34
PID 1928 wrote to memory of 2676	1928	Unicorn-48906.exe	34
PID 1928 wrote to memory of 2676	1928	Unicorn-48906.exe	34
PID 1928 wrote to memory of 2676	1928	Unicorn-48906.exe	34
PID 2708 wrote to memory of 2552	2708	Unicorn-33124.exe	35
PID 2708 wrote to memory of 2552	2708	Unicorn-33124.exe	35
PID 2708 wrote to memory of 2552	2708	Unicorn-33124.exe	35
PID 2708 wrote to memory of 2552	2708	Unicorn-33124.exe	35
PID 2004 wrote to memory of 2576	2004	Unicorn-8620.exe	36
PID 2004 wrote to memory of 2576	2004	Unicorn-8620.exe	36
PID 2004 wrote to memory of 2576	2004	Unicorn-8620.exe	36
PID 2004 wrote to memory of 2576	2004	Unicorn-8620.exe	36
PID 2628 wrote to memory of 1528	2628	Unicorn-61158.exe	38
PID 2628 wrote to memory of 1528	2628	Unicorn-61158.exe	38
PID 2628 wrote to memory of 1528	2628	Unicorn-61158.exe	38
PID 2284 wrote to memory of 1732	2284	Unicorn-62460.exe	37
PID 2628 wrote to memory of 1528	2628	Unicorn-61158.exe	38
PID 2284 wrote to memory of 1732	2284	Unicorn-62460.exe	37
PID 2284 wrote to memory of 1732	2284	Unicorn-62460.exe	37
PID 2284 wrote to memory of 1732	2284	Unicorn-62460.exe	37
PID 2676 wrote to memory of 1932	2676	Unicorn-52964.exe	39
PID 2676 wrote to memory of 1932	2676	Unicorn-52964.exe	39
PID 2676 wrote to memory of 1932	2676	Unicorn-52964.exe	39
PID 2676 wrote to memory of 1932	2676	Unicorn-52964.exe	39
PID 1928 wrote to memory of 2748	1928	Unicorn-48906.exe	40
PID 1928 wrote to memory of 2748	1928	Unicorn-48906.exe	40
PID 1928 wrote to memory of 2748	1928	Unicorn-48906.exe	40
PID 1928 wrote to memory of 2748	1928	Unicorn-48906.exe	40
PID 1732 wrote to memory of 856	1732	Unicorn-8594.exe	41
PID 1732 wrote to memory of 856	1732	Unicorn-8594.exe	41
PID 1732 wrote to memory of 856	1732	Unicorn-8594.exe	41
PID 1732 wrote to memory of 856	1732	Unicorn-8594.exe	41
PID 2576 wrote to memory of 2920	2576	Unicorn-49435.exe	42
PID 2576 wrote to memory of 2920	2576	Unicorn-49435.exe	42
PID 2576 wrote to memory of 2920	2576	Unicorn-49435.exe	42
PID 2576 wrote to memory of 2920	2576	Unicorn-49435.exe	42
PID 1528 wrote to memory of 3028	1528	Unicorn-28460.exe	43
PID 1528 wrote to memory of 3028	1528	Unicorn-28460.exe	43
PID 1528 wrote to memory of 3028	1528	Unicorn-28460.exe	43
PID 1528 wrote to memory of 3028	1528	Unicorn-28460.exe	43

C:\Users\Admin\AppData\Local\Temp\d44a5c3d781375cccc1988576f05d200_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d44a5c3d781375cccc1988576f05d200_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30136.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30136.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8620.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52964.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31527.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56449.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29563.exe
        10⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        11⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        12⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        13⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        14⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
        15⤵
        Program crash
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37901.exe
        9⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
        10⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6968.exe
        11⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        12⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23098.exe
        13⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
        14⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54556.exe
        15⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        16⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
        17⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
        18⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        19⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
        20⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34425.exe
        21⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4352.exe
        22⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        23⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
        15⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63879.exe
        16⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        17⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50854.exe
        18⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18198.exe
        19⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62297.exe
        20⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        9⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13605.exe
        10⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
        11⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29984.exe
        12⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
        13⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50799.exe
        14⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        15⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
        16⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59079.exe
        17⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
        18⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        19⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        20⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14653.exe
        21⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30287.exe
        15⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41591.exe
        16⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
        17⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
        18⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 224
        19⤵
        Program crash
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35212.exe
        16⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        17⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5644.exe
        18⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55172.exe
        19⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5250.exe
        9⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
        10⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29413.exe
        11⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
        12⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32413.exe
        13⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
        14⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
        15⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49951.exe
        16⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        17⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21114.exe
        18⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exe
        19⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56080.exe
        20⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        21⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        16⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        17⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5836.exe
        18⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        19⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15801.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        9⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13242.exe
        10⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24914.exe
        11⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        12⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        13⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        14⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19445.exe
        15⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46453.exe
        16⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
        17⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        18⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
        19⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-901.exe
        20⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2188.exe
        21⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        22⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49028.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe
        8⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24016.exe
        9⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42013.exe
        10⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        11⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
        12⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43983.exe
        13⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        14⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28410.exe
        15⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10060.exe
        16⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        17⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        18⤵
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20099.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45541.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        9⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
        10⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe
        11⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        12⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
        13⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 200
        14⤵
        Program crash
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
        9⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34976.exe
        10⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
        11⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        12⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
        13⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33158.exe
        14⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60153.exe
        15⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        16⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10216.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
        8⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        9⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        10⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        11⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        12⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24795.exe
        13⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        14⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46915.exe
        15⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4144.exe
        16⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
        12⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        13⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53905.exe
        14⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
        15⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        16⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        17⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
        18⤵
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19637.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        7⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19361.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46875.exe
        9⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        10⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        11⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49657.exe
        12⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60103.exe
        13⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
        14⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30008.exe
        15⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
        16⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        17⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        18⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10195.exe
        19⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        20⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        12⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52501.exe
        13⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21072.exe
        14⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45161.exe
        15⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        16⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
        17⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        18⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        19⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
        11⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65085.exe
        12⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
        13⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        14⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28995.exe
        15⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        16⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
        17⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
        18⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        19⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40803.exe
        20⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        18⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        19⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21159.exe
        13⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21233.exe
        14⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
        15⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exe
        16⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55229.exe
        17⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13288.exe
        18⤵
        
        PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49435.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64910.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19880.exe
        9⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57591.exe
        10⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40731.exe
        11⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        12⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        13⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
        14⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        15⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46199.exe
        16⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51103.exe
        17⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29967.exe
        18⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
        19⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
        20⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
        21⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12655.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        9⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        10⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        11⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
        12⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        13⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        14⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59079.exe
        15⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16864.exe
        16⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40742.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8753.exe
        8⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21799.exe
        9⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
        10⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        11⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        12⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        13⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe
        14⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        15⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1269.exe
        16⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
        17⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33927.exe
        18⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2235.exe
        19⤵
        
        PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16072.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37316.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51654.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
        8⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14944.exe
        9⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59864.exe
        10⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        11⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42802.exe
        12⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        13⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        14⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        15⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        16⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52136.exe
        17⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        18⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        19⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        20⤵
        
        PID:2660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3763.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64692.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
        8⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46278.exe
        9⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
        10⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 220
        11⤵
        Program crash
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15993.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33803.exe
        8⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        9⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24914.exe
        10⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        11⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18630.exe
        12⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        13⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        14⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        15⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
        16⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        17⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        18⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
        19⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
        20⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        12⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        13⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        14⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35758.exe
        15⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24181.exe
        16⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30673.exe
        17⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        18⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55172.exe
        19⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
        14⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
        15⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
        16⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5644.exe
        17⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        18⤵
        
        PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48937.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10237.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        9⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        10⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35158.exe
        11⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
        12⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43983.exe
        13⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
        14⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        15⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26781.exe
        16⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        17⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38945.exe
        18⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        6⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36979.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41307.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        9⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
        10⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56585.exe
        11⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34907.exe
        12⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37355.exe
        12⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        13⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
        14⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
        15⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
        16⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        17⤵
        
        PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-831.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16430.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57762.exe
        7⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
        8⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25350.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37405.exe
        10⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
        11⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
        12⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63687.exe
        13⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
        14⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
        15⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22666.exe
        16⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55281.exe
        17⤵
        
        PID:1272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42142.exe
        8⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
        9⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31992.exe
        10⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41473.exe
        11⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
        12⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        13⤵
        Program crash
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47394.exe
        9⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-217.exe
        10⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
        11⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
        12⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        13⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        14⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
        15⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        16⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
        17⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
        18⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exe
        19⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        20⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
        7⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        8⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
        9⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21799.exe
        10⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        11⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46393.exe
        12⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37242.exe
        13⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        14⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
        15⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
        16⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38535.exe
        17⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28665.exe
        18⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        19⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22126.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        10⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
        11⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34856.exe
        12⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2104.exe
        13⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        14⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 188
        15⤵
        Program crash
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58099.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        7⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        9⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
        9⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12713.exe
        10⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
        11⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64545.exe
        12⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
        13⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18140.exe
        14⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        15⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
        16⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20315.exe
        17⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        18⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        19⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46875.exe
        10⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47851.exe
        11⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
        12⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
        13⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
        14⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53843.exe
        15⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
        16⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2053.exe
        17⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        18⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        19⤵
        
        PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33424.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60206.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30518.exe
        8⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24914.exe
        9⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7705.exe
        10⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
        11⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
        12⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        12⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5036.exe
        13⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        14⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        15⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44653.exe
        16⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51420.exe
        17⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
        18⤵
        
        PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7157.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4643.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45541.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37752.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
        9⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40731.exe
        10⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
        11⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
        12⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
        13⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37242.exe
        14⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20273.exe
        15⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
        16⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        17⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        18⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64430.exe
        19⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        6⤵
        Executes dropped EXE
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33450.exe
        7⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
        8⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
        9⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50809.exe
        10⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24795.exe
        11⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
        12⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        13⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33999.exe
        14⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        15⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24316.exe
        16⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51804.exe
        17⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33927.exe
        18⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        19⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34922.exe
        18⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        17⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16574.exe
        18⤵
        
        PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9474.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21722.exe
        6⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49786.exe
        7⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
        8⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51333.exe
        9⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        10⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40581.exe
        11⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        12⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        13⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24357.exe
        14⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
        15⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
        16⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12914.exe
        17⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
        18⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11337.exe
        19⤵
        
        PID:1744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8594.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60826.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29013.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        8⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50570.exe
        9⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
        10⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50809.exe
        11⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        12⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61956.exe
        13⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
        14⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42551.exe
        15⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        16⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        17⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exe
        18⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        19⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
        6⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
        7⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24919.exe
        8⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
        9⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
        10⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        11⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
        12⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37260.exe
        13⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
        14⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        15⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        16⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24316.exe
        17⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16055.exe
        18⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
        19⤵
        
        PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
        7⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        8⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
        9⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
        10⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
        11⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
        12⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
        13⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
        14⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
        15⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
        16⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        17⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        18⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        19⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
        20⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
        21⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
        20⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        16⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        17⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
        18⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        19⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        6⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe
        8⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        9⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        10⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29424.exe
        11⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        12⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
        13⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        14⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
        15⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        16⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        17⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        18⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61944.exe
        17⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1390.exe
        10⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34856.exe
        11⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2151.exe
        12⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46168.exe
        13⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        14⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        15⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
        16⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        17⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
        18⤵
        
        PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11988.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40876.exe
        6⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
        7⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
        8⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
        9⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        10⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 200
        11⤵
        Program crash
        
        PID:2404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe

Filesize
192KB

MD5
80e03dd2a50ee19393a68ee3ee7099ac

SHA1
53a838a2bcc49f36cc647a3f27b83360e15533ea

SHA256
a05857c5d3ab8e365e8b618f44e5150346365f39e2a826ba92b062df8f12b6f5

SHA512
9881225ccb7ab8d80411877131a84b0fa6c6f7b4e0f74b61f908a4bcd51f2b568c33261f4b15532c25e3c77ca68860dbd18a77deedc00ab22b2b0125f7d44002

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40742.exe

Filesize
192KB

MD5
0f5b0f70aad38ed05de2a25a3e6bdfdf

SHA1
ce0858b045d79c54b96d04045d0cc84e3de9dc67

SHA256
ca8c0f1c775237097b28c715e77ccd9a736aa78d49f25729aa7a17afcea6218c

SHA512
11f1e571736c6a9995e074d847357c6f7c945bc1ae980bd8f3d50fa42dbf3c1aad045118078865d9f5e5e0243d3f200adb8ee2722f81071b98d5c0ae952fd423

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5836.exe

Filesize
192KB

MD5
8ac7311f94fbc451ff35ee5e6a947c43

SHA1
56963b1ccac3803d34282aa79f6dbbe2db376f17

SHA256
1a1cf039a4c4677457a9b2642e8b2c52b9aa6737cdc4eb77d9991eb4fdaa4a14

SHA512
9ef42d180c715c93c1928773fd5bcbc7eb8c29fe5221a5f7a375a119722b3f6b7d0498642dd1cc7946d9fed35fa586008fa2a12c6f35d55c9a232f8d7b99d4df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe

Filesize
192KB

MD5
dc6973d5a6e3519da87bf39764bb77b6

SHA1
f06321e8405b56a804d514fec0dbe53762683494

SHA256
77761cb92057f925774ecfe36033a0621756cf7a8550df1029325b613f696c48

SHA512
66a36bc0243e2301280dfc79e607ff4225ba975abeecff3a1849f33d87af912516afea08ed4e17f0aa63d008ee3a0bc086e05d90c823475396811a5cce2c8529

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe

Filesize
192KB

MD5
6cc803ea56fd5aae31e6903c7c6ea395

SHA1
21b2ad0b45801b0b74941bd05c31f7f4fb9e0ea5

SHA256
0615234cc8d0cfcc23ee85fc41a84c08f89a244d19e1b9b24b4e53ca596ab753

SHA512
0667319a7bdd7008173695c242a3a372ac7c6e8a6c2094f0df6f9124fcb28772995a6fd02b895461d4bb3c1045e2c8de6a1679d5d69377ae3e4c619afa198650

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe

Filesize
192KB

MD5
2b197166ff2a6e054bc2260c4b719ef0

SHA1
745f49cd8eff79f09b2ea3a062fc4c91f181e509

SHA256
6f02c7642000310f7037d5c8d2c6d7cfd3d7e944d62ae7b1a87f2587bfcd4749

SHA512
7b23e31158e05be1b9665c90243b41e0fc1af530f9e0d49437ee0c8d254ee9699049b79a0273955374fbdc1a5b5d61a77082f5b69434e8b65f73e12f62e1114d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe

Filesize
192KB

MD5
be688949a57aef8667fce66d41808b08

SHA1
666fd2e81af009befc4fa3c0356c8dc336752a5b

SHA256
4a045856bee4c424d89b9191c750cc717231725002fe338e0d97a8cac8907e42

SHA512
a2f941f072b1ce1ea56abdbe90d16fb0b2398bc20e31927bafd96e4cad50e95be5e0dbcd0b0399d140fccbc21e8fe5a7e88ecbc6fa6b88b44f5eae09b56b9044

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe

Filesize
192KB

MD5
9ec132ddddba4daa0fbba904b253c019

SHA1
742cb8f9f2724198c7261f5a73477f1da31dabec

SHA256
5cd38cd90bd356dbf21c58b6580632cd94594857b96d578437ef1d68862cdc8e

SHA512
01aa4dee4200f1c1b664c86011291fbf8b0ebafd2b10ec49a54bef5f5724a725c97cabbb2343204e5b001791bd41985f307f4d6f2f672f5e639e17ff72974a49

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe

Filesize
192KB

MD5
12beddebc8726835a3df70c12bdd36ba

SHA1
33da0c7981faed11fb2f5644a88c56f05ee2b56c

SHA256
46c90222c4e35bdf6eeef5b6e5abb45a0227bde2f90083f0f19bbf0a8737d2b4

SHA512
156dc5f9f359f8d0e2e485998591ca62d995ec942fb9c940912dcabff72e0c9faed61f72906bdd09522ddcd1c30e074e0dffaf04f0f6c667ea7e0e2264f7fcde

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20099.exe

Filesize
192KB

MD5
38dbba4ac0771733364f70e7f4ae7cf0

SHA1
f92c947b0942bc4ed18ddaead563deff1c748b84

SHA256
f270ed8193c7aa86af77f31fdd41732852f69902970bf9748e7b09667e0a3970

SHA512
55a4dd4d88b5d3bfb75d77a927a579894532d1669c10b6fd32eb5a9cdaae5b69911ccd1b6c02bd32bb53465aa60523a6b5382b4f2206094f33e1cf19df87c415

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28460.exe

Filesize
192KB

MD5
6628a091f26b665981deef5242708f80

SHA1
0c03de951b8f3723c26e9099ef635eb472f48543

SHA256
4a133db3eec2623ac8ddf5802429fcd9b7e39e55dbd5d94808a19e1e2f53455e

SHA512
04c7ba1fa8a7453ce1694bad322e13153a1a92bf8d14b18c1197297c55b7e1861d39a362a57f4e981934a30aa8d54342dddb28d3171518d39be1ecc494169fed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe

Filesize
192KB

MD5
bf120196072ad582336b8d2b99339dd2

SHA1
56795ac79a63edfa4f37b1c16ae72bf2e739a7d2

SHA256
40960f3adf1ceb93fcc3ce57773980b603adc8a4aa70b95b0fc419f4e663e214

SHA512
515ebf44c3297c3232e125acb4ba5729be1ca7999d1b7eaab2a9e2ceac51b1ec188a8881f226d49ce95d9eae09a49b175e399e21595a7676361a53cff7f63b76

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30136.exe

Filesize
192KB

MD5
f5ad976094fee02f16fd9e846e214ad3

SHA1
ef66f83f1c4b8ddec5cf6def3a12e8d162dd0f4b

SHA256
1755a293b2146fc72952bc410614276e8ef1ece74d81b551dbd5662e58928d48

SHA512
9cefca45719e402cbb806058525bc9e6cab3c59c5ffc7dd8e2fe41226ba630000a420f2a05673cd18d3127ae778c001a9e220ed98e961214d9ae8b987a72e773

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe

Filesize
192KB

MD5
b3b64998235fdeef45db37f60c667dc7

SHA1
f9556e1c9a9b70bf6e606257616a28717ff3c683

SHA256
f4ffb832630c0542914e5dc01c722d049e62da5a01bdbc29fd14029c2b0a9275

SHA512
db30e713b278941e6820391cc4ab651a189fa5aa9a9dc291e7c530dfa8449a281020c55c35972ce0022f160acd45456fbcd811221998a718bd492ac70a36e52e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3763.exe

Filesize
192KB

MD5
97e84ebd652866579e1a4be8383e1990

SHA1
86abe404bdddfc68723ef190fe5fc8dd1515569f

SHA256
1ba154c29c22397ef696b216b64f5613cff57af7c1df9b7c8c43ec238032f24a

SHA512
49091bde75e1acb03f42414147e8df210d81a28ba7963e27315eb94d1995219264054da16270cf56db48d0bf33a2bc7ae7ec148272bc8f246a66ba972ed23d0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe

Filesize
192KB

MD5
499a7b22639bb19667482835fee757e4

SHA1
508f88c3a04774db785cda54eb06ee80bbdc9b00

SHA256
0a052cdbace6ea918f6bb6a48e8b3b222d260e8f962867379f89f5a3ef7da433

SHA512
e200bac11e5ac8c3321476deff970fb255a23cc0ed35e54abdf1d2fa264d7c3d462a7140e8196fc11fd97c3da7c07d83d812c097fef2a349c71b36980235ec6e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe

Filesize
192KB

MD5
b91bd7e286953b85eb1664ba2e4dc367

SHA1
9ca62b2f2b386a2136457ed568a08f63e8bcd8b9

SHA256
5479c86fa1ed80406371d8d22aee2f4f06362c9f505755205be1800f633a3eec

SHA512
072d311e2eca76560b4c87a8153b7b451ecffdbcd9de4b4fb56e71f4f96e74689775ab28fc9a3f225c0199283663c00316035b09abfb52fdd5050bb9903bcc33

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe

Filesize
192KB

MD5
1e754715e8ad137d5c629afcf3b3c0eb

SHA1
837dd19a3d9957c58f7ff22d6ae273a0145f7f05

SHA256
e41328f892b690d3e51c5c62b2b9776f083ee5468b1784357df742ffce4cc31e

SHA512
f718be6ebca28e602832eb605be41a434840edbaa37b730f038c025b0a5f9b0cae247efb1da9f515c3dcc8f06cfd0b233a240a960e5380a3508530f30793eabc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49435.exe

Filesize
192KB

MD5
8ba8ce0ae734d022c255c1d81567d434

SHA1
ec21609fddc16bb286b1c26012a8b81e4453cb93

SHA256
631d1a84e3d9f85847a50b8043358ed0400fed92ed079cb66d12cfab62e29a3c

SHA512
be6b0e0e7e42337fcbcc04114202d2d5fab747805ce7edc5cea05df7062cb0225d428dee78405ec65c251e6775b4b59bf12856bc92a4f302e1ffecddae31d7e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52964.exe

Filesize
192KB

MD5
c09a4f5b0120066477d64d3a5a468ccd

SHA1
e926707129e9d94f2dd73297df487d4fe8e121d7

SHA256
dcc42b20d655594674c058c0144816a81cb209225ac8f7a1d73b8ce309cebaed

SHA512
e373a458f0eacb12153428fda2dcb902063d17d72142342518ebfc997cd43d3bead8f014800c0a51e1e9eb3bd57849362b299c8a6efc576e4f5c2887d82297db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53369.exe

Filesize
192KB

MD5
fc46427e25b38d2fc13c39f5a7d7f5ac

SHA1
de9bf73aed2c7876d5814dea82b612d592a4db08

SHA256
b45628dd5f2bebb7a87ef4467b679c2ca9b7ba81bd0467d56b79d825d46d1d35

SHA512
61ff1052d9da70eb37684ca6949e5615df8ca34c70d40c5d457f7c7cdf57ba80d7f87adf4d14f60b4298d29c3aaf31fba9edb0d632260da81c38f00b55b00f29

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe

Filesize
192KB

MD5
743d5e3d9c028d55abe84a1fecba4db2

SHA1
e8fa40659805fbaafc41f5d75742807edf449213

SHA256
44775e14403c7b409f6bcff1d999c70ba190a0166752a148bd1c67c593b880a9

SHA512
166c4bd6d9c8488c2dc759ddd541f869a57929822f5bfbcc8576db4b54b7a3c53e3449461f5a6bfe72998a87ce15866fffd3c757e3ef4bdc8cb2e3c5ea5dca12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe

Filesize
192KB

MD5
987df45ee83e50619df0b0fa8ba03b4f

SHA1
67dc121f21ed164ea9087f35e3f8c4eb4d4047bb

SHA256
6869c604f310b864dd60b16fcaefe115a36ebd9894a566f6c35f08a45ea5a995

SHA512
e8ee6d229ba17677a091e3f2a63d1fbdeba63ff87e3fc14522aac69c813068cc97f26920e843e6343096df7fa7f5151f51fd28ddde381ade06a5fc32525bc59d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe

Filesize
192KB

MD5
cbe5662e7fd3e292f959c55f25ec050d

SHA1
fe347bd62e30839c66eb153da9212e75ca3580a6

SHA256
8f209b484a7b3101fa832b4dcaf648e06b3623862e8111495952976b9a557991

SHA512
e413d29c9fd3ee42a163f79535f03f894036940950935ccf34f0c5910e3a6a47d16b9af78bf57868696e780a6befb46fabd29ed57a5d119c4d19045c2f1e2eb4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8594.exe

Filesize
192KB

MD5
91ce6ea2492d80e988fbb657da9589f5

SHA1
c06b8476efb1cdfa3f955289f6224b594499f268

SHA256
a1cf811d319664f053bd5e9fd9f0630ed1ce377bb2041654214819cf37321773

SHA512
c3fd794452fd19239491582d6accc145556a69b69363293d00c7ed7ebb9985c686f5f946f7d8ea17db9ca61d96137c228abe99f199bb5cd004f6434a9c0452b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8620.exe

Filesize
192KB

MD5
7a3f5ae0579b83d9f41119712225f9ba

SHA1
77214f534973e00faa538d9e0ba14f47ec46ba7e

SHA256
128001a878ae9edee7e3c80cae0ce37c4b53afeba104222977decd772f94fcd9

SHA512
2c13f3b6ca84e377922e05826f6877e56f2a15fb8f2a486be38782828b2f7246027cd1b4db9cbf70734071243f902e654c7c856358132789015bb736fb85f22f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads