187ca0d6793691f1ee3a15c647c97fcac50da44d65ec2039a44c7aac166b5d67

Analysis

max time kernel
137s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e50bead7e71474b4754fdb9872c4ef80_NeikiAnalytics.exe
Size

468KB
MD5

e50bead7e71474b4754fdb9872c4ef80
SHA1

fcd1676b5f73dbf3988d7a569e026db8ef1c35cb
SHA256

187ca0d6793691f1ee3a15c647c97fcac50da44d65ec2039a44c7aac166b5d67
SHA512

437e3dd5b86507eb401cdbc0d1784427b2649046134f872868d7c7483ca92907bf7df8dc1b3748cc04295bb0bbd1e043fae3741a823ccefff25d8a7fb22c4bf1
SSDEEP

3072:tbACogIdhn5YtbYJPzcjff8/EChXPapcnmHCxEhs4DxLc47pmsEh:tb1o55YtOP4jffuSyH4Dtd7pm

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3956	Unicorn-38064.exe
2664	Unicorn-33269.exe
1116	Unicorn-32562.exe
724	Unicorn-63056.exe
3932	Unicorn-51359.exe
4088	Unicorn-31536.exe
1524	Unicorn-33573.exe
3576	Unicorn-13227.exe
1940	Unicorn-18935.exe
2376	Unicorn-51830.exe
2876	Unicorn-57960.exe
2364	Unicorn-33456.exe
1552	Unicorn-41624.exe
3136	Unicorn-17482.exe
1700	Unicorn-37083.exe
1708	Unicorn-57104.exe
4708	Unicorn-48552.exe
3636	Unicorn-61551.exe
564	Unicorn-9749.exe
4892	Unicorn-15880.exe
4604	Unicorn-56912.exe
2628	Unicorn-31513.exe
3820	Unicorn-45215.exe
2476	Unicorn-17778.exe
3528	Unicorn-28713.exe
2268	Unicorn-37379.exe
3988	Unicorn-44312.exe
916	Unicorn-44312.exe
4572	Unicorn-63855.exe
4304	Unicorn-61254.exe
2592	Unicorn-1847.exe
1000	Unicorn-52008.exe
4924	Unicorn-8707.exe
4908	Unicorn-40995.exe
3964	Unicorn-64945.exe
3860	Unicorn-27120.exe
1652	Unicorn-8323.exe
4960	Unicorn-51054.exe
1240	Unicorn-59984.exe
2092	Unicorn-752.exe
3484	Unicorn-28272.exe
3408	Unicorn-487.exe
4380	Unicorn-26225.exe
2432	Unicorn-32356.exe
3412	Unicorn-21365.exe
4696	Unicorn-54037.exe
2956	Unicorn-59282.exe
456	Unicorn-6890.exe
2172	Unicorn-12490.exe
3548	Unicorn-21365.exe
3032	Unicorn-19838.exe
2028	Unicorn-13973.exe
5116	Unicorn-17432.exe
4472	Unicorn-39197.exe
3068	Unicorn-7309.exe
744	Unicorn-7309.exe
4916	Unicorn-26560.exe
3584	Unicorn-6140.exe
2900	Unicorn-57003.exe
1928	Unicorn-60210.exe
3192	Unicorn-6925.exe
4552	Unicorn-3910.exe
4188	Unicorn-34427.exe
956	Unicorn-46650.exe

Program crash 12 IoCs

pid	pid_target	Process	procid_target
7588	6820	WerFault.exe	288
11612	7128	WerFault.exe
4344	14264	WerFault.exe	704
16388	2716	WerFault.exe	707
17692	15016	WerFault.exe
16988	15048	WerFault.exe
15128	7160	WerFault.exe	272
7068	7128	WerFault.exe
11232	2716	WerFault.exe	707
6560	14264	WerFault.exe	704
17680	15048	WerFault.exe	690
8704	15016	WerFault.exe	687

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	4780	dwm.exe
Token: SeChangeNotifyPrivilege	4780	dwm.exe
Token: 33	4780	dwm.exe
Token: SeIncBasePriorityPrivilege	4780	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
32	e50bead7e71474b4754fdb9872c4ef80_NeikiAnalytics.exe
3956	Unicorn-38064.exe
2664	Unicorn-33269.exe
1116	Unicorn-32562.exe
724	Unicorn-63056.exe
3932	Unicorn-51359.exe
4088	Unicorn-31536.exe
1524	Unicorn-33573.exe
3576	Unicorn-13227.exe
1940	Unicorn-18935.exe
2376	Unicorn-51830.exe
1552	Unicorn-41624.exe
2876	Unicorn-57960.exe
2364	Unicorn-33456.exe
3136	Unicorn-17482.exe
1700	Unicorn-37083.exe
1708	Unicorn-57104.exe
4708	Unicorn-48552.exe
4604	Unicorn-56912.exe
564	Unicorn-9749.exe
2268	Unicorn-37379.exe
2476	Unicorn-17778.exe
3636	Unicorn-61551.exe
3528	Unicorn-28713.exe
4892	Unicorn-15880.exe
3820	Unicorn-45215.exe
2628	Unicorn-31513.exe
916	Unicorn-44312.exe
3988	Unicorn-44312.exe
4304	Unicorn-61254.exe
2592	Unicorn-1847.exe
1000	Unicorn-52008.exe
4924	Unicorn-8707.exe
4908	Unicorn-40995.exe
1652	Unicorn-8323.exe
3860	Unicorn-27120.exe
3964	Unicorn-64945.exe
4960	Unicorn-51054.exe
3484	Unicorn-28272.exe
1240	Unicorn-59984.exe
3408	Unicorn-487.exe
2092	Unicorn-752.exe
4380	Unicorn-26225.exe
2432	Unicorn-32356.exe
456	Unicorn-6890.exe
3548	Unicorn-21365.exe
3032	Unicorn-19838.exe
3412	Unicorn-21365.exe
4696	Unicorn-54037.exe
2956	Unicorn-59282.exe
2172	Unicorn-12490.exe
2028	Unicorn-13973.exe
5116	Unicorn-17432.exe
4472	Unicorn-39197.exe
3068	Unicorn-7309.exe
744	Unicorn-7309.exe
4916	Unicorn-26560.exe
2900	Unicorn-57003.exe
3584	Unicorn-6140.exe
1928	Unicorn-60210.exe
4552	Unicorn-3910.exe
3192	Unicorn-6925.exe
3284	Unicorn-49110.exe
956	Unicorn-46650.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 32 wrote to memory of 3956	32	e50bead7e71474b4754fdb9872c4ef80_NeikiAnalytics.exe	87
PID 32 wrote to memory of 3956	32	e50bead7e71474b4754fdb9872c4ef80_NeikiAnalytics.exe	87
PID 32 wrote to memory of 3956	32	e50bead7e71474b4754fdb9872c4ef80_NeikiAnalytics.exe	87
PID 3956 wrote to memory of 2664	3956	Unicorn-38064.exe	93
PID 3956 wrote to memory of 2664	3956	Unicorn-38064.exe	93
PID 3956 wrote to memory of 2664	3956	Unicorn-38064.exe	93
PID 32 wrote to memory of 1116	32	e50bead7e71474b4754fdb9872c4ef80_NeikiAnalytics.exe	94
PID 32 wrote to memory of 1116	32	e50bead7e71474b4754fdb9872c4ef80_NeikiAnalytics.exe	94
PID 32 wrote to memory of 1116	32	e50bead7e71474b4754fdb9872c4ef80_NeikiAnalytics.exe	94
PID 2664 wrote to memory of 724	2664	Unicorn-33269.exe	98
PID 2664 wrote to memory of 724	2664	Unicorn-33269.exe	98
PID 2664 wrote to memory of 724	2664	Unicorn-33269.exe	98
PID 3956 wrote to memory of 3932	3956	Unicorn-38064.exe	99
PID 3956 wrote to memory of 3932	3956	Unicorn-38064.exe	99
PID 3956 wrote to memory of 3932	3956	Unicorn-38064.exe	99
PID 1116 wrote to memory of 4088	1116	Unicorn-32562.exe	100
PID 1116 wrote to memory of 4088	1116	Unicorn-32562.exe	100
PID 1116 wrote to memory of 4088	1116	Unicorn-32562.exe	100
PID 32 wrote to memory of 1524	32	e50bead7e71474b4754fdb9872c4ef80_NeikiAnalytics.exe	101
PID 32 wrote to memory of 1524	32	e50bead7e71474b4754fdb9872c4ef80_NeikiAnalytics.exe	101
PID 32 wrote to memory of 1524	32	e50bead7e71474b4754fdb9872c4ef80_NeikiAnalytics.exe	101
PID 724 wrote to memory of 3576	724	Unicorn-63056.exe	104
PID 724 wrote to memory of 3576	724	Unicorn-63056.exe	104
PID 724 wrote to memory of 3576	724	Unicorn-63056.exe	104
PID 2664 wrote to memory of 1940	2664	Unicorn-33269.exe	105
PID 2664 wrote to memory of 1940	2664	Unicorn-33269.exe	105
PID 2664 wrote to memory of 1940	2664	Unicorn-33269.exe	105
PID 3956 wrote to memory of 2376	3956	Unicorn-38064.exe	106
PID 3956 wrote to memory of 2376	3956	Unicorn-38064.exe	106
PID 3956 wrote to memory of 2376	3956	Unicorn-38064.exe	106
PID 3932 wrote to memory of 2876	3932	Unicorn-51359.exe	107
PID 3932 wrote to memory of 2876	3932	Unicorn-51359.exe	107
PID 3932 wrote to memory of 2876	3932	Unicorn-51359.exe	107
PID 4088 wrote to memory of 2364	4088	Unicorn-31536.exe	108
PID 4088 wrote to memory of 2364	4088	Unicorn-31536.exe	108
PID 4088 wrote to memory of 2364	4088	Unicorn-31536.exe	108
PID 1524 wrote to memory of 1552	1524	Unicorn-33573.exe	109
PID 1524 wrote to memory of 1552	1524	Unicorn-33573.exe	109
PID 1524 wrote to memory of 1552	1524	Unicorn-33573.exe	109
PID 1116 wrote to memory of 3136	1116	Unicorn-32562.exe	110
PID 1116 wrote to memory of 3136	1116	Unicorn-32562.exe	110
PID 1116 wrote to memory of 3136	1116	Unicorn-32562.exe	110
PID 32 wrote to memory of 1700	32	e50bead7e71474b4754fdb9872c4ef80_NeikiAnalytics.exe	111
PID 32 wrote to memory of 1700	32	e50bead7e71474b4754fdb9872c4ef80_NeikiAnalytics.exe	111
PID 32 wrote to memory of 1700	32	e50bead7e71474b4754fdb9872c4ef80_NeikiAnalytics.exe	111
PID 3576 wrote to memory of 1708	3576	Unicorn-13227.exe	112
PID 3576 wrote to memory of 1708	3576	Unicorn-13227.exe	112
PID 3576 wrote to memory of 1708	3576	Unicorn-13227.exe	112
PID 2376 wrote to memory of 4708	2376	Unicorn-51830.exe	113
PID 2376 wrote to memory of 4708	2376	Unicorn-51830.exe	113
PID 2376 wrote to memory of 4708	2376	Unicorn-51830.exe	113
PID 724 wrote to memory of 3636	724	Unicorn-63056.exe	114
PID 724 wrote to memory of 3636	724	Unicorn-63056.exe	114
PID 724 wrote to memory of 3636	724	Unicorn-63056.exe	114
PID 2664 wrote to memory of 564	2664	Unicorn-33269.exe	116
PID 2664 wrote to memory of 564	2664	Unicorn-33269.exe	116
PID 2664 wrote to memory of 564	2664	Unicorn-33269.exe	116
PID 3136 wrote to memory of 4604	3136	Unicorn-17482.exe	117
PID 3136 wrote to memory of 4604	3136	Unicorn-17482.exe	117
PID 3136 wrote to memory of 4604	3136	Unicorn-17482.exe	117
PID 1700 wrote to memory of 4892	1700	Unicorn-37083.exe	115
PID 1700 wrote to memory of 4892	1700	Unicorn-37083.exe	115
PID 1700 wrote to memory of 4892	1700	Unicorn-37083.exe	115
PID 1116 wrote to memory of 2628	1116	Unicorn-32562.exe	121

C:\Users\Admin\AppData\Local\Temp\e50bead7e71474b4754fdb9872c4ef80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e50bead7e71474b4754fdb9872c4ef80_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:32
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38064.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38064.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33269.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60210.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60075.exe
        9⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15944.exe
        10⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7687.exe
        10⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        10⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
        10⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        9⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8654.exe
        10⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
        9⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        9⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9307.exe
        9⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-537.exe
        9⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        10⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        10⤵
        
        PID:16408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
        9⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46852.exe
        9⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31429.exe
        9⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
        8⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        8⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
        8⤵
        
        PID:17024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46650.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
        8⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55571.exe
        9⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        10⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
        10⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14097.exe
        9⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
        9⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53385.exe
        9⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        8⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        8⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        8⤵
        
        PID:17940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26804.exe
        7⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        8⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
        8⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        7⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
        7⤵
        
        PID:13660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33069.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        7⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8707.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
        8⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        9⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
        10⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
        10⤵
        
        PID:16280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        9⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46852.exe
        9⤵
        
        PID:15192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        9⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        8⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
        8⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28042.exe
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2483.exe
        8⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        7⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        8⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
        9⤵
        
        PID:16972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        8⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        8⤵
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60017.exe
        8⤵
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16854.exe
        8⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24725.exe
        8⤵
        
        PID:17992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        7⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        7⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
        7⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34427.exe
        6⤵
        Executes dropped EXE
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17554.exe
        8⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        8⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
        8⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9420.exe
        8⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54013.exe
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39230.exe
        7⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
        7⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32795.exe
        7⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        8⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        8⤵
        
        PID:15516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        7⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        7⤵
        
        PID:18024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
        6⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34257.exe
        6⤵
        
        PID:13052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
        6⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56199.exe
        6⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
        7⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        8⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
        9⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        9⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53385.exe
        9⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        8⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
        8⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
        8⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2982.exe
        8⤵
        
        PID:16628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        7⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
        8⤵
        
        PID:17184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22889.exe
        7⤵
        
        PID:15380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        7⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22036.exe
        6⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19111.exe
        8⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
        8⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55768.exe
        8⤵
        
        PID:17800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-672.exe
        7⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        7⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55576.exe
        7⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        6⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        7⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        7⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
        7⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42722.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        6⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60190.exe
        6⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1362.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
        7⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47211.exe
        8⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        9⤵
        
        PID:17388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2229.exe
        8⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
        8⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-745.exe
        7⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        7⤵
        
        PID:17524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43508.exe
        7⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43001.exe
        6⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17850.exe
        7⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
        7⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
        7⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50802.exe
        6⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12301.exe
        6⤵
        
        PID:18204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        6⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
        6⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47211.exe
        7⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18268.exe
        7⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        7⤵
        
        PID:16568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        6⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        6⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        6⤵
        
        PID:17920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60421.exe
        6⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3091.exe
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        6⤵
        
        PID:12508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47118.exe
        6⤵
        
        PID:16584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47520.exe
        6⤵
        
        PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40188.exe
        5⤵
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        5⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64368.exe
        5⤵
        
        PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18935.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44312.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30994.exe
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-537.exe
        8⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
        9⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40729.exe
        9⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
        8⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64798.exe
        8⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11855.exe
        8⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23483.exe
        7⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        7⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
        7⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        7⤵
        
        PID:18084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61970.exe
        7⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53038.exe
        6⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-537.exe
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        8⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        8⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7063.exe
        8⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
        7⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        7⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
        7⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
        6⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12617.exe
        7⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3927.exe
        6⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45025.exe
        6⤵
        
        PID:12488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6105.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9774.exe
        7⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        7⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
        7⤵
        
        PID:15832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        7⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35321.exe
        6⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
        6⤵
        
        PID:12168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
        6⤵
        
        PID:15740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
        6⤵
        
        PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        5⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64346.exe
        6⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        7⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        8⤵
        
        PID:16708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
        7⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
        7⤵
        
        PID:17044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        7⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
        6⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49950.exe
        7⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7132.exe
        6⤵
        
        PID:12840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        6⤵
        
        PID:17968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56760.exe
        5⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21114.exe
        6⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        6⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
        6⤵
        
        PID:11692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29197.exe
        5⤵
        
        PID:10528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        5⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
        5⤵
        
        PID:8432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20749.exe
        6⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        8⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        8⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
        7⤵
        
        PID:12660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
        7⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
        7⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4844.exe
        6⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25032.exe
        6⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        6⤵
        
        PID:16488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38673.exe
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
        6⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        7⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19629.exe
        7⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23707.exe
        7⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        7⤵
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62609.exe
        6⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23524.exe
        6⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63561.exe
        5⤵
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28431.exe
        6⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20973.exe
        6⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        6⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
        5⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
        5⤵
        
        PID:17016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3683.exe
        5⤵
        
        PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38311.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29370.exe
        6⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47211.exe
        7⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2229.exe
        7⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
        7⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        7⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-745.exe
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        6⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63789.exe
        6⤵
        
        PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exe
        5⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
        6⤵
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
        5⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
        5⤵
        
        PID:16676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        5⤵
        
        PID:5968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33355.exe
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        6⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7692.exe
        6⤵
        
        PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62177.exe
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        5⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41010.exe
        5⤵
        
        PID:17080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
        5⤵
        
        PID:11316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43156.exe
      4⤵
      PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26075.exe
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59266.exe
        5⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        5⤵
        
        PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45002.exe
      4⤵
      PID:10316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
      4⤵
      PID:13824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
      4⤵
      PID:10792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9421.exe
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19111.exe
        8⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        8⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12736.exe
        8⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
        7⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        7⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40252.exe
        7⤵
        
        PID:18328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22005.exe
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        7⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        7⤵
        
        PID:14448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10135.exe
        7⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        6⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
        6⤵
        
        PID:13392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        6⤵
        
        PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-537.exe
        6⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
        7⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        7⤵
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
        6⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        6⤵
        
        PID:15236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        6⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        5⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        6⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57314.exe
        5⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        5⤵
        
        PID:15688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
        5⤵
        
        PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45215.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
        6⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41814.exe
        7⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
        8⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        9⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        9⤵
        
        PID:15480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        8⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32840.exe
        8⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
        8⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37817.exe
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        7⤵
        
        PID:17948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
        6⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53385.exe
        8⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64061.exe
        7⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        7⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52966.exe
        6⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        6⤵
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13571.exe
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34362.exe
        6⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42671.exe
        7⤵
        
        PID:16696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        6⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        6⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54922.exe
        5⤵
        
        PID:8100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40300.exe
        5⤵
        
        PID:12180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42228.exe
        5⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        5⤵
        
        PID:11052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        6⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        7⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        7⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
        7⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64782.exe
        6⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        6⤵
        
        PID:14988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        6⤵
        
        PID:16356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49909.exe
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
        6⤵
        
        PID:11864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
        6⤵
        
        PID:15660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
        6⤵
        
        PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47272.exe
        5⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
        5⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        5⤵
        
        PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34538.exe
      4⤵
      PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
        5⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        6⤵
        
        PID:16604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
        6⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        5⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        6⤵
        
        PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
        5⤵
        
        PID:14332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15555.exe
        5⤵
        
        PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21264.exe
      4⤵
      PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47663.exe
        5⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
        5⤵
        
        PID:17608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3555.exe
        5⤵
        
        PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61569.exe
      4⤵
      PID:10384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39216.exe
      4⤵
      PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25976.exe
      4⤵
      PID:18192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51830.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48552.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52008.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57003.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15534.exe
        7⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1798.exe
        8⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        9⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        9⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
        8⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
        8⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
        8⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        7⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
        8⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        8⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
        7⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28042.exe
        7⤵
        
        PID:15368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
        7⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61014.exe
        6⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5965.exe
        7⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52619.exe
        8⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24796.exe
        8⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        7⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
        7⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57349.exe
        7⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        6⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        7⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23516.exe
        7⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
        6⤵
        
        PID:11776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        6⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
        6⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
        5⤵
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        6⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
        7⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        7⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exe
        7⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
        6⤵
        
        PID:14036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        6⤵
        
        PID:17744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        6⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        5⤵
        
        PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
        5⤵
        
        PID:10364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        5⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        5⤵
        
        PID:420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40995.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
        6⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
        7⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
        7⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
        7⤵
        
        PID:16668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        6⤵
        
        PID:16040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        6⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        5⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19111.exe
        6⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
        6⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55165.exe
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
        5⤵
        
        PID:14272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        5⤵
        
        PID:17732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49756.exe
        5⤵
        
        PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
      4⤵
      PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        6⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        7⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32753.exe
        7⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12539.exe
        6⤵
        
        PID:12412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        6⤵
        
        PID:14028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
        6⤵
        
        PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37625.exe
        5⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8036.exe
        5⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        5⤵
        
        PID:17912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51921.exe
        5⤵
        
        PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30641.exe
      4⤵
      PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        5⤵
        
        PID:9456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        5⤵
        
        PID:15048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15048 -s 440
        6⤵
        Program crash
        
        PID:16988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15048 -s 392
        6⤵
        Program crash
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
        5⤵
        
        PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53460.exe
      4⤵
      PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
      4⤵
      PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22589.exe
      4⤵
      PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
      4⤵
      PID:6188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40366.exe
        5⤵
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        6⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        7⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
        7⤵
        
        PID:14952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
        7⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        6⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        6⤵
        
        PID:18008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
        6⤵
        
        PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-138.exe
        6⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
        6⤵
        
        PID:15624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
        6⤵
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
        5⤵
        
        PID:10444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
        5⤵
        
        PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59670.exe
      4⤵
      PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        5⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15929.exe
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        6⤵
        
        PID:17672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
        6⤵
        
        PID:392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
        5⤵
        
        PID:10628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        5⤵
        
        PID:13340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
        5⤵
        
        PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
      4⤵
      PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        5⤵
        
        PID:10544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
        5⤵
        
        PID:16392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21917.exe
      4⤵
      PID:10756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39597.exe
      4⤵
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12961.exe
      4⤵
      PID:3536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28114.exe
      4⤵
      PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
        5⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
        6⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        6⤵
        
        PID:16832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60349.exe
        6⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
        5⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45025.exe
        5⤵
        
        PID:15452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4793.exe
        5⤵
        
        PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44865.exe
      4⤵
      PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        5⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        5⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7447.exe
        5⤵
        
        PID:7492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48533.exe
      4⤵
      PID:10784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
      4⤵
      PID:5240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
    3⤵
    PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62426.exe
      4⤵
      PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        5⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        5⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39556.exe
        5⤵
        
        PID:16500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29457.exe
      4⤵
      PID:8456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18460.exe
      4⤵
      PID:12672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
      4⤵
      PID:17036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56330.exe
    3⤵
    PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
      4⤵
      PID:9536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
      4⤵
      PID:14264
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14264 -s 428
        5⤵
        Program crash
        
        PID:4344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14264 -s 428
        5⤵
        Program crash
        
        PID:6560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
      4⤵
      PID:7432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43616.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43616.exe
    3⤵
    PID:9960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
    3⤵
    PID:14300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
    3⤵
    PID:8924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32562.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32562.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63855.exe
        5⤵
        Executes dropped EXE
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39197.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29842.exe
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30107.exe
        8⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        9⤵
        
        PID:17100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        8⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
        8⤵
        
        PID:15768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52809.exe
        8⤵
        
        PID:18180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        7⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
        7⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        7⤵
        
        PID:16468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49909.exe
        6⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        7⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        7⤵
        
        PID:14228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10188.exe
        7⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27043.exe
        6⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57554.exe
        7⤵
        
        PID:17072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46421.exe
        7⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
        6⤵
        
        PID:14288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        6⤵
        
        PID:9672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10771.exe
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
        6⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
        7⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12596.exe
        7⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        6⤵
        
        PID:15212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
        6⤵
        
        PID:18060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
        5⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        6⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        6⤵
        
        PID:16036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
        6⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4182.exe
        5⤵
        
        PID:11596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        5⤵
        
        PID:15576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exe
        5⤵
        
        PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17778.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32356.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9613.exe
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        8⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
        8⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        8⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53437.exe
        7⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
        7⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        7⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34816.exe
        7⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45550.exe
        6⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
        7⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52619.exe
        8⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
        7⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
        7⤵
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34693.exe
        7⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        6⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        7⤵
        
        PID:16924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-484.exe
        7⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
        6⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        6⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59655.exe
        7⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        7⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
        7⤵
        
        PID:12040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20604.exe
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        6⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
        6⤵
        
        PID:18412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        6⤵
        
        PID:16020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59560.exe
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        6⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
        6⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20136.exe
        6⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25426.exe
        5⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19080.exe
        5⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        5⤵
        
        PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13973.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35187.exe
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        7⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        7⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3416.exe
        7⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64782.exe
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        6⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58270.exe
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7387.exe
        6⤵
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11808.exe
        5⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        6⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        6⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 436
        7⤵
        Program crash
        
        PID:16388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 392
        7⤵
        Program crash
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        6⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35042.exe
        5⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        5⤵
        
        PID:16508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60421.exe
        5⤵
        
        PID:18272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
      4⤵
      PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        5⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        6⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
        6⤵
        
        PID:14960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60785.exe
        6⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63194.exe
        5⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        5⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9307.exe
        5⤵
        
        PID:11100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
      4⤵
      PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13961.exe
        5⤵
        
        PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17521.exe
      4⤵
      PID:10400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
      4⤵
      PID:13860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6132.exe
      4⤵
      PID:3976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27120.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48954.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
        7⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        7⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        7⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        7⤵
        
        PID:17736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        7⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        7⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28251.exe
        7⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
        6⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        6⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
        6⤵
        
        PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20692.exe
        5⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
        6⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33999.exe
        7⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33818.exe
        8⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        7⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
        7⤵
        
        PID:15840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        7⤵
        
        PID:13060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7200.exe
        6⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
        7⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52420.exe
        6⤵
        
        PID:12376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        6⤵
        
        PID:16448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-755.exe
        6⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        5⤵
        
        PID:7128
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 460
        6⤵
        Program crash
        
        PID:7068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 460
        6⤵
        Program crash
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe
        5⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        5⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65286.exe
        5⤵
        
        PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-978.exe
        5⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-537.exe
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
        8⤵
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        7⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4689.exe
        7⤵
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61440.exe
        7⤵
        
        PID:18344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
        7⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57713.exe
        7⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
        6⤵
        
        PID:11768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34949.exe
        6⤵
        
        PID:15416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        6⤵
        
        PID:10872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24762.exe
        6⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14201.exe
        7⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38461.exe
        7⤵
        
        PID:17996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
        7⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        6⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
        6⤵
        
        PID:16656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
        6⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        5⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        6⤵
        
        PID:14748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        5⤵
        
        PID:12492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58053.exe
        5⤵
        
        PID:16576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        5⤵
        
        PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
      4⤵
      PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7278.exe
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        6⤵
        
        PID:9444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        6⤵
        
        PID:15016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15016 -s 436
        7⤵
        Program crash
        
        PID:17692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15016 -s 392
        7⤵
        Program crash
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
        6⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        5⤵
        
        PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40189.exe
        5⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        5⤵
        
        PID:17932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
      4⤵
      PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
        5⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57713.exe
        5⤵
        
        PID:6856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
      4⤵
      PID:10584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
      4⤵
      PID:13512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
      4⤵
      PID:10636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28272.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7278.exe
        6⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33999.exe
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4570.exe
        8⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exe
        8⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        7⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
        7⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
        7⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
        6⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        6⤵
        
        PID:13716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        6⤵
        
        PID:17636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30540.exe
        6⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
        5⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        6⤵
        
        PID:12260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61373.exe
        6⤵
        
        PID:17380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        6⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
        5⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        5⤵
        
        PID:15220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        5⤵
        
        PID:11672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64455.exe
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26791.exe
        6⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        7⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
        7⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2229.exe
        6⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
        6⤵
        
        PID:15436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
        5⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33610.exe
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
        5⤵
        
        PID:18388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
      4⤵
      PID:404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        5⤵
        
        PID:15040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
        5⤵
        
        PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
      4⤵
      PID:11284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54872.exe
      4⤵
      PID:15652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19824.exe
      4⤵
      PID:7180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
        5⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
        6⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        6⤵
        
        PID:11000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51808.exe
        6⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18164.exe
        6⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
        5⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        5⤵
        
        PID:13652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58270.exe
        5⤵
        
        PID:17284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48228.exe
        5⤵
        
        PID:17908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
      4⤵
      PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        5⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64061.exe
        5⤵
        
        PID:13928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        5⤵
        
        PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15808.exe
        5⤵
        
        PID:12852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
      4⤵
      PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        5⤵
        
        PID:10952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7501.exe
      4⤵
      PID:16068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
      4⤵
      PID:11528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
    3⤵
    PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
      4⤵
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        5⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        5⤵
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        5⤵
        
        PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
      4⤵
      PID:8888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2171.exe
      4⤵
      PID:12240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
      4⤵
      PID:17960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
    3⤵
    PID:7120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
      4⤵
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
      4⤵
      PID:14936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
      4⤵
      PID:8584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
    3⤵
    PID:9988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42127.exe
    3⤵
    PID:13428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
    3⤵
    PID:17832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
    3⤵
    PID:5696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33573.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33573.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41624.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44312.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15727.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
        7⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        8⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 636
        8⤵
        Program crash
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53682.exe
        7⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
        7⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60288.exe
        7⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
        6⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        7⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47829.exe
        7⤵
        
        PID:15852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19067.exe
        6⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8093.exe
        6⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46064.exe
        6⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        6⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
        7⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
        6⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        6⤵
        
        PID:16092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        6⤵
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4844.exe
        5⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25032.exe
        5⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        5⤵
        
        PID:16980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        5⤵
        
        PID:11904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6140.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51222.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56260.exe
        6⤵
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        6⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62900.exe
        6⤵
        
        PID:384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        6⤵
        
        PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
        5⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        5⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        5⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60421.exe
        5⤵
        
        PID:11400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
        5⤵
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1010.exe
        6⤵
        
        PID:12592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21409.exe
        6⤵
        
        PID:15128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        5⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        5⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        5⤵
        
        PID:384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16708.exe
      4⤵
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        5⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        5⤵
        
        PID:17376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
        5⤵
        
        PID:8172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63837.exe
      4⤵
      PID:11724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        5⤵
        
        PID:17820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14753.exe
      4⤵
      PID:15320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
      4⤵
      PID:6752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61254.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6925.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32935.exe
        6⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
        7⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22229.exe
        7⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
        7⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        6⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5352.exe
        6⤵
        
        PID:13804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
        6⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
        5⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
        6⤵
        
        PID:11748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5265.exe
        6⤵
        
        PID:18224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10135.exe
        6⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        5⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
        5⤵
        
        PID:13796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        5⤵
        
        PID:18040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10888.exe
        5⤵
        
        PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
        6⤵
        
        PID:17096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
        5⤵
        
        PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        5⤵
        
        PID:13624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58353.exe
        5⤵
        
        PID:14680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        5⤵
        
        PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
      4⤵
      PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        5⤵
        
        PID:14704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
        5⤵
        
        PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21917.exe
      4⤵
      PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
      4⤵
      PID:14496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53073.exe
      4⤵
      PID:3448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
    3⤵
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
      4⤵
      PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        5⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31955.exe
        6⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20136.exe
        6⤵
        
        PID:11440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
        5⤵
        
        PID:13192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        5⤵
        
        PID:18016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2483.exe
        5⤵
        
        PID:11468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
      4⤵
      PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7132.exe
      4⤵
      PID:12816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
      4⤵
      PID:17976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48228.exe
      4⤵
      PID:18220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
    3⤵
    PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
      4⤵
      PID:9552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
      4⤵
      PID:15024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
      4⤵
      PID:4988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
    3⤵
    PID:10616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
    3⤵
    PID:14364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29624.exe
    3⤵
    PID:12708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15880.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-973.exe
        6⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        7⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        7⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
        7⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
        6⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52619.exe
        7⤵
        
        PID:15456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7132.exe
        6⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        6⤵
        
        PID:18400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        6⤵
        
        PID:11880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48949.exe
        5⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        6⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
        6⤵
        
        PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52617.exe
        5⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10636.exe
        5⤵
        
        PID:15608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4647.exe
        5⤵
        
        PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13571.exe
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10668.exe
        5⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
        5⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36314.exe
        5⤵
        
        PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
      4⤵
      PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        5⤵
        
        PID:15532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
      4⤵
      PID:11128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32472.exe
      4⤵
      PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
      4⤵
      PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47211.exe
        6⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
        6⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1757.exe
        6⤵
        
        PID:16484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
        5⤵
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
        5⤵
        
        PID:12608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13132.exe
        5⤵
        
        PID:16544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40009.exe
      4⤵
      PID:8856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41636.exe
      4⤵
      PID:12296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49538.exe
      4⤵
      PID:16400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
    3⤵
    PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5965.exe
      4⤵
      PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
        5⤵
        
        PID:15672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
        5⤵
        
        PID:16100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
      4⤵
      PID:11628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4689.exe
      4⤵
      PID:13976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
    3⤵
    PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
      4⤵
      PID:11376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
      4⤵
      PID:15748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
    3⤵
    PID:10604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2841.exe
    3⤵
    PID:15632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
    3⤵
    PID:3168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-752.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9613.exe
      4⤵
      PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
        6⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
        6⤵
        
        PID:16428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
        5⤵
        
        PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9140.exe
        5⤵
        
        PID:12600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        5⤵
        
        PID:18068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9753.exe
      4⤵
      PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        5⤵
        
        PID:10768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        5⤵
        
        PID:14520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58764.exe
      4⤵
      PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53649.exe
      4⤵
      PID:7576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
    3⤵
    PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
      4⤵
      PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
        5⤵
        
        PID:13448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
        5⤵
        
        PID:17628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
      4⤵
      PID:9716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
      4⤵
      PID:14968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
      4⤵
      PID:13760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35741.exe
    3⤵
    PID:6820
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 212
      4⤵
      Program crash
      PID:7588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65389.exe
    3⤵
    PID:10256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
    3⤵
    PID:13344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
    3⤵
    PID:2792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6890.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6890.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
    3⤵
    PID:5576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        5⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        5⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
        5⤵
        
        PID:15824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        5⤵
        
        PID:10156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
      4⤵
      PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
      4⤵
      PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
      4⤵
      PID:15376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51684.exe
      4⤵
      PID:12656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
    3⤵
    PID:6872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
      4⤵
      PID:9576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
      4⤵
      PID:13760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
      4⤵
      PID:592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
    3⤵
    PID:8348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15165.exe
      4⤵
      PID:13468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe
    3⤵
    PID:13696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
    3⤵
    PID:652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14536.exe
    3⤵
    PID:7800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
  2⤵
  PID:5772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
    3⤵
    PID:6884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
      4⤵
      PID:10264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exe
      4⤵
      PID:13400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
      4⤵
      PID:7620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42524.exe
    3⤵
    PID:8244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
    3⤵
    PID:14908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
    3⤵
    PID:416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
  2⤵
  PID:7528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
    3⤵
    PID:17504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28688.exe
    3⤵
    PID:12716
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7721.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7721.exe
  2⤵
  PID:10432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
  2⤵
  PID:13788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
  2⤵
  PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 7128 -ip 7128
1⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 6820 -ip 6820
1⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 7128 -ip 7128
1⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 7160 -ip 7160
1⤵
PID:13904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 15048 -ip 15048
1⤵
PID:16744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2716 -ip 2716
1⤵
PID:16828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 14296 -ip 14296
1⤵
PID:16892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 14264 -ip 14264
1⤵
PID:16920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 13760 -ip 13760
1⤵
PID:17236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 15056 -ip 15056
1⤵
PID:17324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 13580 -ip 13580
1⤵
PID:16080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 15016 -ip 15016
1⤵
PID:16612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 13760 -ip 13760
1⤵
PID:17280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 15064 -ip 15064
1⤵
PID:17436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 15056 -ip 15056
1⤵
PID:17528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 14296 -ip 14296
1⤵
PID:17556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 15008 -ip 15008
1⤵
PID:17604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 13580 -ip 13580
1⤵
PID:17660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 15024 -ip 15024
1⤵
PID:17680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 15000 -ip 15000
1⤵
PID:17704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 15032 -ip 15032
1⤵
PID:17768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 15040 -ip 15040
1⤵
PID:17820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 15064 -ip 15064
1⤵
PID:17872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 15008 -ip 15008
1⤵
PID:18032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 15024 -ip 15024
1⤵
PID:18112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 15000 -ip 15000
1⤵
PID:18180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 15032 -ip 15032
1⤵
PID:18268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 15040 -ip 15040
1⤵
PID:18292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 2716 -ip 2716
1⤵
PID:3132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 14264 -ip 14264
1⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 15048 -ip 15048
1⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 15016 -ip 15016
1⤵
PID:17872

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe

Filesize
468KB

MD5
ca63fa289b896b9369c77c241b99856b

SHA1
c9790d3d316cecb18928a75501ab852fc7a75ae6

SHA256
19e1e031fb7c060aebb14a75564e7cd2c1264e9e3ef3f00a8e24565cdabcbf0a

SHA512
b736847dbc495723e6482f1daf14721f1db43dce6a4a984e1127f337cbe1006a473ffa1fd9f227bca5edf97b88ab6901aecd44d847d25673269d5b2d0c89a312

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15880.exe

Filesize
468KB

MD5
bfbe9ea2758f8421ed047d9a470d8454

SHA1
10ec2a516c5d75e9605b3a57171088da5b33e542

SHA256
4947c6c7bd15a0b24d17df9175321fe41e03311f3136c46a25193a8a592bcd8b

SHA512
5d5c0917a49ae5cee11d1196a1a496cf3e3e59f597c78e163bc70b8106c98d2d18b08456456d2f2e6e66a3f9ffb4dec37a14441d52e4b50db9c230385b06152f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe

Filesize
468KB

MD5
f2b366e3bfc775ce699e92d99d20532c

SHA1
a84512306e8227ab8772a05ca4b24773b8e81025

SHA256
a3c85d82a2dd4b442505258a74814f557b9ad0508756bb35a9c2d338c915c509

SHA512
b169111ce8811a8386e9b7d3c6e6778073fb2b0bcb3b67790e9a35ccac058c01847a58126dc128b280d271d1192c175c25de266cdb64628e6757b6333bb19376

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17778.exe

Filesize
468KB

MD5
4f650524aa03da6f79646b317421e5ba

SHA1
bd49c268f77ffb95fc9b702a9d1a102fed89c6e3

SHA256
4a1853dd3cba6299b68e7179e2076dd7f046128dadbdd838484c898de04c1629

SHA512
01cb8ee7b273664438ab96db86ac00b8239ca27a0925890580a3f9db2262b04c28cecbfee809730efa115ea372a06ae5a783f5ed6ebe7b2b4962861516f7bf6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1847.exe

Filesize
468KB

MD5
6a11580af06d8ec81c7bc7eb0db97b5a

SHA1
cd3dc684bd5be174b54a45b9cd3fd99d04c59daf

SHA256
c1b73ceaea2c60a37fc2d2eae4902671c5a886c9e73e7089592a3d836b8a57d1

SHA512
4828663609b7be0571d5ced4f36e459ba79a5c40f7d075dc98feb472bfd3f3a60d89143f47b8552d71670b45ba312c6d31828f112b50d2aff394d5747e4b5da8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18935.exe

Filesize
468KB

MD5
0527cd6008ffdff930e8dcdca52a9174

SHA1
617f7336d82cc89b81e5ebcc08bbd284640d4225

SHA256
13fad063edd0b5876f2f0810e4d01d9d13f6621a4f832ebf4f51e5965015202c

SHA512
27f1fd9f9e3d1564628aeb1f5de60cf5fbf6ea132e4a4f206f7479a90d6e08906b06c3b4ef62dc8f130916ded77b8c1fabc274ad89ae3d746aee6264947d3b21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe

Filesize
468KB

MD5
c1340184e1e7a350a548fa0aea497161

SHA1
f27a9b998861c94a5fe1982ba40c1e4091f6d72b

SHA256
b25e8c00fb55532bff66bc4b759bd617274470b471f016c12d66c0aba3d66078

SHA512
a6c4504cb0c3ed165a121bbb3114829fb7f6a24964950dba45a8b2f1ebd8ca61884a75b5bd03c771973352a81f6eaba6dfa117604b1b81078e1c8685b1f464f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe

Filesize
468KB

MD5
bf54d2f296fb58455cba5b4a9515ab2d

SHA1
490ccccba6d72fccb7689dcfe4bbe5f245b2ed36

SHA256
9e9d5c89e2fc62a76439126015a2ee351516a8a41ac11dc64d9d4bd6d2e29a15

SHA512
0ddee9ff94d35810af87e70b5e0d7cc51a5b2460ee1dbf62f6904752f960da970577409fb2da58f5c6dd59a6624500027caa06eb0282a786e6f3f261734feca5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe

Filesize
468KB

MD5
d0d921c72cbb15020e29e7bca6842a91

SHA1
88818f45b5b82a43febd249bc20ae7b678cf3aab

SHA256
9bef56e9ed81d43155d17143ff7169cb7c5c8335d7d1dfc90c4e8aaf0ec8ae25

SHA512
8bbcc9df8618358cdefaaf5513cd67e0dc15d6d4771b3c62b0760cc55f03715263f0290be0de51c438116af73eeca687a06888e35012ec245f17610ac28411dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32562.exe

Filesize
468KB

MD5
57cc27a02bc0c5f62ec81f3dcbbae31b

SHA1
e3edaf58468196aa6787542d5502f5cc5c89f2ee

SHA256
bccad1a79d562ed63a25b8fab2626f2fbb3b6d109a7e9bd85bfabbdaa54c56fb

SHA512
8fa863f988096949ebd29ebf1bd33fc88e8a13b0b5f91105545315413f36be1d0eb83875f04f8a06c488b2f317b51e7d4c9d12f1d326cd488c9b620b96ca7db0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33269.exe

Filesize
468KB

MD5
77cceb9706dbf8b738365f5a306c48e6

SHA1
713bf27d445151e8d27a8cd6e891e2fb27ac100a

SHA256
ef0616208f271a954939aaa26851f50964719739e3d1c3988b799f7cdb77ca61

SHA512
d200d979e22cf08919eece278cf744bd5bd4037f6d6b14dbbff184cfcf11096558c9388edeb8fde125320c10829a5897ab6414147699555f17303ceca21ec28a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe

Filesize
468KB

MD5
38a2d0a909f712cd046b6cf04e77c859

SHA1
702cb7a1b278807526198efde7ee098875c4ccb5

SHA256
3fd91abd00ca63712d9070fb30868c85d3c6255b893962657badfd9cd1857fb7

SHA512
c3190f8a97ccb84f5d63a0a6a6670d3d5becc724f249c31335862ebc0700e840115f9c535259c7b29519b3828e3a6b83af23afddbf43827ea1b35189e666259f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33573.exe

Filesize
468KB

MD5
9df16ff60c52340a76ac55176c6e8c46

SHA1
c275e2ecc67ce78491dbe44e82b452068564da52

SHA256
431f281ec82c665f0a9578f6f24b63fcd289d4b93ccb12e6f150d57963f063a0

SHA512
ee4dad1166e5135a8f8ab2d55d5840c5d078a692f7e9c95f783f9fa9b30b5a65518634f8a5a4ad4c59f1daa87084b9f3656fb06c4e4db1a2ce287e46af7759fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe

Filesize
468KB

MD5
fe149b0d2524cde1d76ee7a1a77447f3

SHA1
f0f7b62e46faf4f0fcd0bad49e69306f956108a9

SHA256
2313bd963f35998125712b794dd17758da16d61f7e121c186d22b264b49f6da6

SHA512
a6741ed4319d0356edc8499e601c059187c23997ba17fb03b8d8442a0dcb6e8f3dd55bd83f4ac3ae307f85aa3dded003432f14c0cec49676ad6c917f1bfd5be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe

Filesize
468KB

MD5
01d3798dae9a824c95d036f62b7cf8aa

SHA1
843a4e87ce9dab1dd49bccbae7f504d6147fc269

SHA256
56eacf37e14fba5b8ac2f2506bb237e04f698e1432a576e2ab7e8cf1f0d6bd4a

SHA512
b9ae4be996e5c3ecd72b5b2dd35db5130249a758a0eff8c62cc9701ba601d45abdefc015881a2259150831f90ced00d60ea0768649bc9c50997e1fdd1f403ce9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38064.exe

Filesize
468KB

MD5
98a82a9b02ae5f30d0f32607bf4f5558

SHA1
90a39e5c48db5d32603216d2af07799b57feef96

SHA256
be170b0690715f7e0210a34e4d8a9ee9055bbe0432c25a081150454665ed83ee

SHA512
1c755df86892432b6398a5ae471a3f4675c6e7b7536f08ecbd3af518eb031e9198bb02a9cbd7b7cb54e036cda418cf7666cc61c95b4cc4a5cbb182cb01e70785

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41624.exe

Filesize
468KB

MD5
1af3dc289aa1c1e97ce6de545b0a9ec8

SHA1
13244aaae0842b2095a6de07031c6a6b94cb8aad

SHA256
c56a17ef81dbf21d8e58241a8c5565e7949c89c5f095409fab839b5e9779a693

SHA512
a2cffd2211081d3170fd1703d99a1656c8e243b45e417b578681235bfa32a2d388ad634c590dabb7de9410e2da201ca2011110c1d243d74663993c0c62fc725a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44312.exe

Filesize
468KB

MD5
8b099f45d8930c21f81f881d80ec367b

SHA1
ef4bc5c361295ee206ef4c9270430c681f4bd744

SHA256
02e1fd4645b006e8fa9ddd879c284a18472197e8db162bed3f3e571d231e3e4e

SHA512
99740716b2775afa98b90d762bb75d796965c47fb58586abe4c51baa957b4138fb617de8364224ae60881bb217e4ad3e4f835e7cc4c1cfe09504e7aea2fee0cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45215.exe

Filesize
468KB

MD5
ef4e724d14280a5cda7b519359fdf469

SHA1
f94fca86cf10e6374b16b8cbea6521ea7e51d7cb

SHA256
0bad8205a65847bbac0af49dc403d96a2cb83cd0fa8982dd95905cbaca2825b7

SHA512
3f4e7f7324ba6dccb6b357206df929f4d453814d419bd62bb94b4c73741187f4a89fb8d8f6155555fe7a34712a07e610b3bf8169db7740e9488a5047160d0fe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48552.exe

Filesize
468KB

MD5
fd930ea263617e093b7d51ec7c491404

SHA1
7734de89dd700d624f092a7b03c35b675aee8bdf

SHA256
feb796e7be8213d18563eb74f9982bbb4db4888fa78976faf43b7e35e7bc5a3d

SHA512
29f4602043a3a5d1077acd8dd1c76352339201d58e6427172b57040bb68cc6b745de127365a680e38d1f51dd801609052cf71755c79639128ac5973f942f7815

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe

Filesize
468KB

MD5
43ab2cb648bd7b6838f8251c495e33c3

SHA1
5aaaa14c033ef1c4fc1aab4b863f84a5b830350c

SHA256
41ca60e5617322be50787d33ffbae4dd4f7b28879e8466dd1159c2015a916b26

SHA512
f55f4bd71093b981337f26e81551fa3fbdee6ad384be78a9b46c02ca315c173a902de8bf0345e187145ae22f935a1ca54dd44e002c44c9a95cdf82228d509a3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51830.exe

Filesize
468KB

MD5
d8ef7294cedc7a85a5e2e2a4271b0d57

SHA1
4b148e23fda29d88a0bb395cde822e893a529753

SHA256
8225f113962bf1028db5b26410f4c2549c48992af5d4bdb8eaee6f30cba81acf

SHA512
d725ec274a234f0eb2dcbb9538a9adc93c9e316556f38d7c05805afb1bd5be97d53b30d68080cc95e9ab97d11def808d87685c6ae789608bcc34851fd174a406

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe

Filesize
468KB

MD5
67d948fe23892c2eed1cef2482da1896

SHA1
44a7b8a44c1d40d1978676def245428ddfcf659e

SHA256
0eff1f9245134e3b7ad402393b5316db3fe46bc3ea38cf53732640d043b08bf0

SHA512
aaf37b40e2e224938daa94e5b331bd363e67162fe138a1f10042ab192ee574e7b1fe5c91db8e18436ca1fd3680eaf83da93290f4f8e2e31762f710dc954d4bb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe

Filesize
468KB

MD5
6be62812e01e8782e390e2399d4680bf

SHA1
444482b23dd8711e3b800fbc1ccbb80c211e986e

SHA256
057907d9c59a42998f63def52c4a905af1959b33b6ef09217039380acb5309d6

SHA512
7057419de2ce60027afb3efd31b97d87b5ceedb921b0e4988f16a1ba1e3b97ba4c3aa2d8cfe2f488787b782ea53bda179b15b766eab25fad8914292adb35406d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe

Filesize
468KB

MD5
d04a65921bb0bfe428d64c27ec4e3ebe

SHA1
82923b69c85b0b6d220cc2715d1e0a5fe51a4e34

SHA256
65ff29b4c5f5ae572b2690fb72c8edc39d70a741f93d69e4aca58eb49c49708e

SHA512
597f7063566bd48de057ceb3766e1272cf7b860711a5b80286f36278d72b9bbe43a96b260182929d3b2399ee4bad32f1dfcc669f6e006c31144c1b7703520488

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61254.exe

Filesize
468KB

MD5
1e48c2ac95baafd899c81a8abaf9c0ea

SHA1
bd4d1793f11410bdc7fc59e629ee7db96244154c

SHA256
2485e20bba334ab1a883febaf6bef0f20d791310f83e3c5177604feb51f1fbb8

SHA512
e8de476fec53b5d4ece3ba43ab8deeb7b9a70b912a187f2b87f7842e12a38269b00ed9ddda793953b734eb983e0011f5039c0af61041e9ffb7e29cd82dab53ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe

Filesize
468KB

MD5
6be3d7f1dee20efce9fc25a2ede7aab3

SHA1
ca525e291bd09ce96e1aee25ebc823fa747aaef4

SHA256
73e7a097a2a0a98f6d75aea703043f83d5522ce87b8cf3ef04ba418a1d073428

SHA512
02963b224855d7593340235a989bec370063bff04d6997a1c793b3f972db0928369a316daeb54d75cf6be5a14bc1ec1d86f93f73ce70444748988dc3e1cc369a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe

Filesize
468KB

MD5
624852340acd36e803a77ccf2d4f77a4

SHA1
3b9dee9ac456d837940a1534cf51eb3a57c84970

SHA256
2aa385f8d6ee106d20ad9f6021090627c7156c42842568299f14099205a591d7

SHA512
215572c43d709e6d7b3bda48e5d2e2599421de94d80422f12ce0aba110c6e70b5e02f310f4945c43b57eb7fbde996569b58ee850caf8bcfe98b305ae9503ed33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63855.exe

Filesize
468KB

MD5
decfa19def675cc7b9844bc6016720ff

SHA1
f5e9bca7e04e4c1d50d4dd84cc19d5b1d3d57b1e

SHA256
fefb6db5c3c456ffecaa941888a3e9f79c24aace217175e97f76922f1e96e393

SHA512
b9c0e7fc3e663b132938e7d36e95b08c1b76a1494c1535775e4c66899ab63c0e79e944621786ad4048aeb6e9ebdf5f7b6ba58a9550b03d8369c2d0fa6c3cc161

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe

Filesize
468KB

MD5
f7dcc653cd815e4bf05f0cf989c01858

SHA1
862400d71a3ed28733d468bb8b2eccf6c909c080

SHA256
f133395a3c4885cd7be79bceb76fa4b9991edb27a91196cd36ab3c6cda1495d2

SHA512
6c9b09591fcaf6da3f62373674f85335714d2e390d11c19efa821aafc72ee1715bee47791ecaf997d287d815eb0b194d2855e2c2b22e9cfbd41593c42ffd8194

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads