b4786ea096d4e45c00c969c5e4beebf4e8deef0a6192046dc881b97924b9e2e8

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70d4f79b70c607107f3724c9d4ca85b0_NeikiAnalytics.exe
Size

468KB
MD5

70d4f79b70c607107f3724c9d4ca85b0
SHA1

bbaed8b48c970d796206e0eadf1eb087d11bdc87
SHA256

b4786ea096d4e45c00c969c5e4beebf4e8deef0a6192046dc881b97924b9e2e8
SHA512

5ea7704877be6f9985d2a59c1991a0661663dc6df4612e4131aa0e58ba4955f3f492fbc01f45bb2f72007b5f45e1965a9e5ae25cf1f09b2a5cb7f0f99449379d
SSDEEP

3072:1bACogI8I05UtGYdPzcjbf8/EChChIpWsmHexVfuoIF+AvFuDvl3:1b1oB8UtJP4jbfR0raoI8WFuD

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1364	Unicorn-59931.exe
4084	Unicorn-44187.exe
212	Unicorn-24321.exe
4580	Unicorn-26507.exe
892	Unicorn-26507.exe
4292	Unicorn-7902.exe
4748	Unicorn-21637.exe
3392	Unicorn-30664.exe
3256	Unicorn-30664.exe
2068	Unicorn-30664.exe
224	Unicorn-30664.exe
3208	Unicorn-55753.exe
3488	Unicorn-42017.exe
3296	Unicorn-12417.exe
2104	Unicorn-56729.exe
3948	Unicorn-119.exe
4336	Unicorn-47675.exe
2184	Unicorn-27809.exe
2108	Unicorn-64011.exe
2752	Unicorn-64011.exe
3020	Unicorn-65272.exe
4888	Unicorn-45407.exe
408	Unicorn-59142.exe
4796	Unicorn-15002.exe
2844	Unicorn-50098.exe
3652	Unicorn-30497.exe
4596	Unicorn-50363.exe
5084	Unicorn-41433.exe
2604	Unicorn-15038.exe
4256	Unicorn-43775.exe
2520	Unicorn-44040.exe
3536	Unicorn-12026.exe
2652	Unicorn-48783.exe
592	Unicorn-54507.exe
3408	Unicorn-35326.exe
4860	Unicorn-38280.exe
3384	Unicorn-5415.exe
2968	Unicorn-54808.exe
1976	Unicorn-54808.exe
1888	Unicorn-15429.exe
1172	Unicorn-37896.exe
4288	Unicorn-63753.exe
4804	Unicorn-50018.exe
4484	Unicorn-53355.exe
1508	Unicorn-40584.exe
1092	Unicorn-20718.exe
3912	Unicorn-47790.exe
4524	Unicorn-7719.exe
740	Unicorn-6769.exe
972	Unicorn-23864.exe
3516	Unicorn-23864.exe
1068	Unicorn-20334.exe
5092	Unicorn-34069.exe
1832	Unicorn-40200.exe
3136	Unicorn-52322.exe
1820	Unicorn-47798.exe
624	Unicorn-36862.exe
2144	Unicorn-50598.exe
4880	Unicorn-31560.exe
708	Unicorn-5717.exe
2160	Unicorn-14647.exe
3036	Unicorn-11118.exe
4464	Unicorn-39.exe
3940	Unicorn-61362.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
12528	6720	WerFault.exe	280
12688	6536	WerFault.exe	276
12700	2724	WerFault.exe	282
15904	6692	WerFault.exe	281
16356	6676	WerFault.exe	801
16332	14796	WerFault.exe	731
15612	9084	WerFault.exe	405
13744	12956	Process not Found	1177

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5620	dwm.exe
Token: SeChangeNotifyPrivilege	5620	dwm.exe
Token: 33	5620	dwm.exe
Token: SeIncBasePriorityPrivilege	5620	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
736	70d4f79b70c607107f3724c9d4ca85b0_NeikiAnalytics.exe
1364	Unicorn-59931.exe
4084	Unicorn-44187.exe
212	Unicorn-24321.exe
4580	Unicorn-26507.exe
4292	Unicorn-7902.exe
4748	Unicorn-21637.exe
892	Unicorn-26507.exe
3256	Unicorn-30664.exe
3392	Unicorn-30664.exe
224	Unicorn-30664.exe
3296	Unicorn-12417.exe
3488	Unicorn-42017.exe
3208	Unicorn-55753.exe
2068	Unicorn-30664.exe
2104	Unicorn-56729.exe
3948	Unicorn-119.exe
2184	Unicorn-27809.exe
4336	Unicorn-47675.exe
4888	Unicorn-45407.exe
2844	Unicorn-50098.exe
2108	Unicorn-64011.exe
408	Unicorn-59142.exe
2752	Unicorn-64011.exe
3020	Unicorn-65272.exe
5084	Unicorn-41433.exe
2604	Unicorn-15038.exe
4596	Unicorn-50363.exe
3652	Unicorn-30497.exe
4796	Unicorn-15002.exe
4256	Unicorn-43775.exe
2520	Unicorn-44040.exe
3536	Unicorn-12026.exe
2652	Unicorn-48783.exe
592	Unicorn-54507.exe
3408	Unicorn-35326.exe
4860	Unicorn-38280.exe
3384	Unicorn-5415.exe
2968	Unicorn-54808.exe
1172	Unicorn-37896.exe
1976	Unicorn-54808.exe
1888	Unicorn-15429.exe
4288	Unicorn-63753.exe
4484	Unicorn-53355.exe
1508	Unicorn-40584.exe
3912	Unicorn-47790.exe
4804	Unicorn-50018.exe
1092	Unicorn-20718.exe
5092	Unicorn-34069.exe
4524	Unicorn-7719.exe
1068	Unicorn-20334.exe
740	Unicorn-6769.exe
3516	Unicorn-23864.exe
972	Unicorn-23864.exe
1832	Unicorn-40200.exe
624	Unicorn-36862.exe
1820	Unicorn-47798.exe
2144	Unicorn-50598.exe
3136	Unicorn-52322.exe
4880	Unicorn-31560.exe
3036	Unicorn-11118.exe
708	Unicorn-5717.exe
2160	Unicorn-14647.exe
4464	Unicorn-39.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 1364	736	70d4f79b70c607107f3724c9d4ca85b0_NeikiAnalytics.exe	88
PID 736 wrote to memory of 1364	736	70d4f79b70c607107f3724c9d4ca85b0_NeikiAnalytics.exe	88
PID 736 wrote to memory of 1364	736	70d4f79b70c607107f3724c9d4ca85b0_NeikiAnalytics.exe	88
PID 1364 wrote to memory of 4084	1364	Unicorn-59931.exe	93
PID 1364 wrote to memory of 4084	1364	Unicorn-59931.exe	93
PID 1364 wrote to memory of 4084	1364	Unicorn-59931.exe	93
PID 736 wrote to memory of 212	736	70d4f79b70c607107f3724c9d4ca85b0_NeikiAnalytics.exe	94
PID 736 wrote to memory of 212	736	70d4f79b70c607107f3724c9d4ca85b0_NeikiAnalytics.exe	94
PID 736 wrote to memory of 212	736	70d4f79b70c607107f3724c9d4ca85b0_NeikiAnalytics.exe	94
PID 4084 wrote to memory of 4580	4084	Unicorn-44187.exe	97
PID 4084 wrote to memory of 4580	4084	Unicorn-44187.exe	97
PID 4084 wrote to memory of 4580	4084	Unicorn-44187.exe	97
PID 212 wrote to memory of 892	212	Unicorn-24321.exe	96
PID 212 wrote to memory of 892	212	Unicorn-24321.exe	96
PID 212 wrote to memory of 892	212	Unicorn-24321.exe	96
PID 1364 wrote to memory of 4292	1364	Unicorn-59931.exe	98
PID 1364 wrote to memory of 4292	1364	Unicorn-59931.exe	98
PID 1364 wrote to memory of 4292	1364	Unicorn-59931.exe	98
PID 736 wrote to memory of 4748	736	70d4f79b70c607107f3724c9d4ca85b0_NeikiAnalytics.exe	99
PID 736 wrote to memory of 4748	736	70d4f79b70c607107f3724c9d4ca85b0_NeikiAnalytics.exe	99
PID 736 wrote to memory of 4748	736	70d4f79b70c607107f3724c9d4ca85b0_NeikiAnalytics.exe	99
PID 4292 wrote to memory of 3392	4292	Unicorn-7902.exe	102
PID 4580 wrote to memory of 2068	4580	Unicorn-26507.exe	103
PID 4292 wrote to memory of 3392	4292	Unicorn-7902.exe	102
PID 4580 wrote to memory of 2068	4580	Unicorn-26507.exe	103
PID 4292 wrote to memory of 3392	4292	Unicorn-7902.exe	102
PID 4580 wrote to memory of 2068	4580	Unicorn-26507.exe	103
PID 4748 wrote to memory of 224	4748	Unicorn-21637.exe	104
PID 4748 wrote to memory of 224	4748	Unicorn-21637.exe	104
PID 4748 wrote to memory of 224	4748	Unicorn-21637.exe	104
PID 892 wrote to memory of 3256	892	Unicorn-26507.exe	105
PID 892 wrote to memory of 3256	892	Unicorn-26507.exe	105
PID 892 wrote to memory of 3256	892	Unicorn-26507.exe	105
PID 1364 wrote to memory of 3208	1364	Unicorn-59931.exe	106
PID 1364 wrote to memory of 3208	1364	Unicorn-59931.exe	106
PID 1364 wrote to memory of 3208	1364	Unicorn-59931.exe	106
PID 212 wrote to memory of 3488	212	Unicorn-24321.exe	107
PID 212 wrote to memory of 3488	212	Unicorn-24321.exe	107
PID 212 wrote to memory of 3488	212	Unicorn-24321.exe	107
PID 736 wrote to memory of 3296	736	70d4f79b70c607107f3724c9d4ca85b0_NeikiAnalytics.exe	108
PID 736 wrote to memory of 3296	736	70d4f79b70c607107f3724c9d4ca85b0_NeikiAnalytics.exe	108
PID 736 wrote to memory of 3296	736	70d4f79b70c607107f3724c9d4ca85b0_NeikiAnalytics.exe	108
PID 4084 wrote to memory of 2104	4084	Unicorn-44187.exe	109
PID 4084 wrote to memory of 2104	4084	Unicorn-44187.exe	109
PID 4084 wrote to memory of 2104	4084	Unicorn-44187.exe	109
PID 3256 wrote to memory of 3948	3256	Unicorn-30664.exe	110
PID 3256 wrote to memory of 3948	3256	Unicorn-30664.exe	110
PID 3256 wrote to memory of 3948	3256	Unicorn-30664.exe	110
PID 892 wrote to memory of 2184	892	Unicorn-26507.exe	111
PID 892 wrote to memory of 2184	892	Unicorn-26507.exe	111
PID 892 wrote to memory of 2184	892	Unicorn-26507.exe	111
PID 3488 wrote to memory of 4336	3488	Unicorn-42017.exe	112
PID 3488 wrote to memory of 4336	3488	Unicorn-42017.exe	112
PID 3488 wrote to memory of 4336	3488	Unicorn-42017.exe	112
PID 3392 wrote to memory of 2752	3392	Unicorn-30664.exe	113
PID 3392 wrote to memory of 2752	3392	Unicorn-30664.exe	113
PID 3392 wrote to memory of 2752	3392	Unicorn-30664.exe	113
PID 224 wrote to memory of 2108	224	Unicorn-30664.exe	114
PID 224 wrote to memory of 2108	224	Unicorn-30664.exe	114
PID 224 wrote to memory of 2108	224	Unicorn-30664.exe	114
PID 3296 wrote to memory of 3020	3296	Unicorn-12417.exe	115
PID 3296 wrote to memory of 3020	3296	Unicorn-12417.exe	115
PID 3296 wrote to memory of 3020	3296	Unicorn-12417.exe	115
PID 4292 wrote to memory of 4888	4292	Unicorn-7902.exe	116

C:\Users\Admin\AppData\Local\Temp\70d4f79b70c607107f3724c9d4ca85b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\70d4f79b70c607107f3724c9d4ca85b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59931.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59931.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44187.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26507.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30664.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50363.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        8⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        9⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        10⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
        11⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        11⤵
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48966.exe
        10⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22551.exe
        10⤵
        
        PID:18632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        9⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63382.exe
        9⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38503.exe
        9⤵
        
        PID:19076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
        8⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48543.exe
        9⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
        10⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
        10⤵
        
        PID:15816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14365.exe
        10⤵
        
        PID:17444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        9⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1447.exe
        9⤵
        
        PID:16648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
        8⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        9⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
        9⤵
        
        PID:17344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        8⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
        8⤵
        
        PID:19476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37729.exe
        7⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4103.exe
        8⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
        9⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49736.exe
        10⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exe
        10⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30513.exe
        9⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
        9⤵
        
        PID:19112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3966.exe
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
        8⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60438.exe
        7⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
        8⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        8⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        8⤵
        
        PID:20176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17733.exe
        7⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
        7⤵
        
        PID:15212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57595.exe
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23403.exe
        8⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5466.exe
        9⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        9⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12582.exe
        9⤵
        
        PID:19776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63353.exe
        8⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
        8⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        8⤵
        
        PID:19424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
        7⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
        8⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
        8⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
        8⤵
        
        PID:16792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe
        7⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38226.exe
        7⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50974.exe
        7⤵
        
        PID:17824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27941.exe
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8327.exe
        7⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        8⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        8⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
        8⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
        7⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        8⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
        8⤵
        
        PID:17352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        7⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
        7⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
        6⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49800.exe
        7⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        7⤵
        
        PID:15768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
        7⤵
        
        PID:17968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        6⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
        6⤵
        
        PID:15540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
        6⤵
        
        PID:19588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40584.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
        8⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61387.exe
        9⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
        9⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
        9⤵
        
        PID:17712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37790.exe
        8⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
        9⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        9⤵
        
        PID:17596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
        8⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        8⤵
        
        PID:20324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        7⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3847.exe
        8⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        8⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
        8⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6648.exe
        7⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        7⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        7⤵
        
        PID:19060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7111.exe
        8⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        9⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
        9⤵
        
        PID:17776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        8⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
        8⤵
        
        PID:20372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
        7⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        8⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
        8⤵
        
        PID:17300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
        7⤵
        
        PID:14448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23703.exe
        7⤵
        
        PID:18948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
        6⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5127.exe
        7⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
        7⤵
        
        PID:19884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17137.exe
        6⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13233.exe
        6⤵
        
        PID:16940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57595.exe
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
        7⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55035.exe
        8⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        9⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        8⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53774.exe
        8⤵
        
        PID:17840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        7⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63384.exe
        8⤵
        
        PID:15816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        8⤵
        
        PID:16716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
        7⤵
        
        PID:13468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        7⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 632
        7⤵
        Program crash
        
        PID:12528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        6⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe
        6⤵
        
        PID:13860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38118.exe
        6⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38696.exe
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        8⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37542.exe
        8⤵
        
        PID:19304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        7⤵
        
        PID:20164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        6⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7293.exe
        6⤵
        
        PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8712.exe
        5⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        6⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        7⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        7⤵
        
        PID:16668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61119.exe
        6⤵
        
        PID:16692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
        5⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        6⤵
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        6⤵
        
        PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
        5⤵
        
        PID:14460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42661.exe
        5⤵
        
        PID:19484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44040.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14647.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33304.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        8⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58808.exe
        9⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        9⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        9⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39918.exe
        8⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42729.exe
        8⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5638.exe
        8⤵
        
        PID:18472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24401.exe
        7⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
        8⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exe
        8⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        7⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        7⤵
        
        PID:16480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        6⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25451.exe
        8⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        9⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
        9⤵
        
        PID:16976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        8⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        7⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        7⤵
        
        PID:16332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16689.exe
        7⤵
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5957.exe
        6⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        7⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        8⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        8⤵
        
        PID:17404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        7⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33213.exe
        7⤵
        
        PID:19708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exe
        6⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        6⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
        6⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        7⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        8⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29095.exe
        8⤵
        
        PID:19568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        7⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52894.exe
        7⤵
        
        PID:18028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58159.exe
        6⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        6⤵
        
        PID:13764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        6⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
        6⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        7⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        7⤵
        
        PID:13352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
        7⤵
        
        PID:18940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        6⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        6⤵
        
        PID:13576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38311.exe
        6⤵
        
        PID:15952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30079.exe
        5⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3847.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        6⤵
        
        PID:14368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37205.exe
        5⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
        5⤵
        
        PID:13680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
        5⤵
        
        PID:19448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43775.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31560.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33304.exe
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        7⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        8⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        8⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34557.exe
        8⤵
        
        PID:19744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        7⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        8⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        7⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        6⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
        7⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
        7⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
        6⤵
        
        PID:10852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        6⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        6⤵
        
        PID:19380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        6⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        7⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43439.exe
        7⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        6⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        6⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        5⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        6⤵
        
        PID:15804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57752.exe
        6⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
        5⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23018.exe
        5⤵
        
        PID:18188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34072.exe
        5⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
        6⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45506.exe
        7⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51278.exe
        7⤵
        
        PID:19620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        6⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        6⤵
        
        PID:16468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
        5⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        6⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46567.exe
        6⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4478.exe
        5⤵
        
        PID:12764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
        5⤵
        
        PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6385.exe
      4⤵
      PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55352.exe
        6⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        7⤵
        
        PID:15192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
        7⤵
        
        PID:16964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        6⤵
        
        PID:13392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48782.exe
        6⤵
        
        PID:19360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
        5⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        5⤵
        
        PID:15256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21943.exe
      4⤵
      PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        5⤵
        
        PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
      4⤵
      PID:11332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13535.exe
      4⤵
      PID:17360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7902.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30664.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64011.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        8⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        9⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        9⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17837.exe
        9⤵
        
        PID:18896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63353.exe
        8⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
        8⤵
        
        PID:15572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        7⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56795.exe
        8⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27758.exe
        8⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3345.exe
        8⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
        7⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1447.exe
        7⤵
        
        PID:16776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        8⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10190.exe
        8⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        7⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        7⤵
        
        PID:20016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
        6⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46664.exe
        7⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
        7⤵
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12341.exe
        6⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        6⤵
        
        PID:17980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20718.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44056.exe
        6⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        8⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        8⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        8⤵
        
        PID:20076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        7⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13425.exe
        7⤵
        
        PID:16232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        7⤵
        
        PID:18184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        6⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
        7⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        6⤵
        
        PID:11340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32919.exe
        6⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        6⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
        7⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        8⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
        8⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        7⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
        7⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
        6⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        6⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5837.exe
        6⤵
        
        PID:20364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        5⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe
        6⤵
        
        PID:11096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
        6⤵
        
        PID:17748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43745.exe
        5⤵
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        5⤵
        
        PID:17812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        6⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60216.exe
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
        8⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        9⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45506.exe
        9⤵
        
        PID:13996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        9⤵
        
        PID:20284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        8⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-545.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42766.exe
        7⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37032.exe
        8⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
        8⤵
        
        PID:19692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
        7⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
        7⤵
        
        PID:16920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
        7⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
        8⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        8⤵
        
        PID:18016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27629.exe
        7⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55257.exe
        6⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29511.exe
        7⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
        6⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        6⤵
        
        PID:17992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37729.exe
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4871.exe
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        7⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        7⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        6⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        6⤵
        
        PID:14292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        6⤵
        
        PID:11480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        6⤵
        
        PID:16768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        5⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1799.exe
        5⤵
        
        PID:332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63753.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28488.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7258.exe
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41595.exe
        7⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        8⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 68
        9⤵
        Program crash
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25238.exe
        8⤵
        
        PID:18080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        7⤵
        
        PID:13876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
        6⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exe
        7⤵
        
        PID:14436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18902.exe
        7⤵
        
        PID:19960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        6⤵
        
        PID:15312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exe
        6⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
        6⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
        6⤵
        
        PID:15588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        6⤵
        
        PID:20172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
        5⤵
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
        5⤵
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46158.exe
        5⤵
        
        PID:17604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
      4⤵
      PID:6348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12471.exe
        5⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38686.exe
        5⤵
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        5⤵
        
        PID:16876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
      4⤵
      PID:8520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
      4⤵
      PID:13144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
      4⤵
      PID:18932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        7⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        8⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4102.exe
        8⤵
        
        PID:19764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        7⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        7⤵
        
        PID:18196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36622.exe
        6⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19819.exe
        7⤵
        
        PID:12800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35046.exe
        7⤵
        
        PID:19836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        6⤵
        
        PID:18164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14206.exe
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        7⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        7⤵
        
        PID:17060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
        6⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        6⤵
        
        PID:16928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        5⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25863.exe
        6⤵
        
        PID:17332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38303.exe
        5⤵
        
        PID:12840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
        5⤵
        
        PID:18576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17544.exe
        5⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        6⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
        7⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        7⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28398.exe
        6⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31701.exe
        6⤵
        
        PID:15396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
        6⤵
        
        PID:17364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        5⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        5⤵
        
        PID:12680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37159.exe
        5⤵
        
        PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27173.exe
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17176.exe
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
        6⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        7⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
        7⤵
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        6⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
        6⤵
        
        PID:18964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        5⤵
        
        PID:14492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
        5⤵
        
        PID:19344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
      4⤵
      PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        5⤵
        
        PID:11472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        5⤵
        
        PID:16656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
      4⤵
      PID:10148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18727.exe
      4⤵
      PID:852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        6⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
        7⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
        8⤵
        
        PID:17048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14878.exe
        7⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
        7⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
        6⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        6⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
        5⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        6⤵
        
        PID:14008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20822.exe
        6⤵
        
        PID:19596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21006.exe
        5⤵
        
        PID:10820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50974.exe
        5⤵
        
        PID:17856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39561.exe
      4⤵
      PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
        5⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
        6⤵
        
        PID:14476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51959.exe
        6⤵
        
        PID:18804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        5⤵
        
        PID:12932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17370.exe
        5⤵
        
        PID:19328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
      4⤵
      PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        5⤵
        
        PID:15872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25238.exe
        5⤵
        
        PID:18072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
      4⤵
      PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62503.exe
      4⤵
      PID:19700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47798.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59131.exe
      4⤵
      PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51768.exe
        5⤵
        
        PID:7180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        6⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30471.exe
        6⤵
        
        PID:17072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        5⤵
        
        PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
        5⤵
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4470.exe
        5⤵
        
        PID:17696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
      4⤵
      PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
        5⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        6⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
        6⤵
        
        PID:16748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        5⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        5⤵
        
        PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
      4⤵
      PID:10720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
      4⤵
      PID:15104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
      4⤵
      PID:19916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
    3⤵
    PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
      4⤵
      PID:7556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
      4⤵
      PID:9640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
      4⤵
      PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
      4⤵
      PID:2772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
    3⤵
    PID:8392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
      4⤵
      PID:16804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4112.exe
    3⤵
    PID:12352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13102.exe
    3⤵
    PID:788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26507.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30664.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
        8⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
        9⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        10⤵
        
        PID:16736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        9⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45359.exe
        9⤵
        
        PID:16540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41521.exe
        8⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        8⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
        8⤵
        
        PID:18040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
        7⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        8⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
        9⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        9⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        9⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55378.exe
        8⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        8⤵
        
        PID:16324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        8⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56502.exe
        7⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16864.exe
        8⤵
        
        PID:20276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe
        7⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
        7⤵
        
        PID:17636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exe
        6⤵
        Executes dropped EXE
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2359.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        8⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1447.exe
        9⤵
        
        PID:17000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        8⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46567.exe
        8⤵
        
        PID:18308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
        7⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
        7⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39079.exe
        7⤵
        
        PID:19992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
        6⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        8⤵
        
        PID:14796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14796 -s 468
        9⤵
        Program crash
        
        PID:16332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        8⤵
        
        PID:18824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        7⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        7⤵
        
        PID:18156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16053.exe
        6⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        7⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23102.exe
        6⤵
        
        PID:13436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        6⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64507.exe
        6⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2359.exe
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        8⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
        9⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        9⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
        8⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61503.exe
        8⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36622.exe
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        8⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        8⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63081.exe
        7⤵
        
        PID:12752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
        7⤵
        
        PID:19740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26021.exe
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34200.exe
        7⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        7⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        7⤵
        
        PID:18868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
        6⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        7⤵
        
        PID:16364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58920.exe
        7⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
        6⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        6⤵
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
        5⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        7⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        8⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3290.exe
        9⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        9⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        8⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35326.exe
        8⤵
        
        PID:19008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14817.exe
        7⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        7⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3917.exe
        7⤵
        
        PID:20156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32865.exe
        6⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
        7⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
        7⤵
        
        PID:15580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
        6⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51608.exe
        6⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        6⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        7⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        8⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        8⤵
        
        PID:18484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2390.exe
        7⤵
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46146.exe
        6⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        6⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22551.exe
        6⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53702.exe
        5⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44795.exe
        6⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12083.exe
        6⤵
        
        PID:18176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
        5⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28624.exe
        5⤵
        
        PID:17424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27809.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38280.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33505.exe
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        8⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        8⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
        8⤵
        
        PID:19240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64978.exe
        7⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
        7⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23437.exe
        7⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37753.exe
        6⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        7⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        7⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        6⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
        6⤵
        
        PID:18296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31083.exe
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        7⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        7⤵
        
        PID:13784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40423.exe
        7⤵
        
        PID:19152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
        6⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        6⤵
        
        PID:15092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45982.exe
        6⤵
        
        PID:19292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18808.exe
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14049.exe
        6⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        6⤵
        
        PID:13240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25047.exe
        6⤵
        
        PID:19144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2238.exe
        5⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3615.exe
        6⤵
        
        PID:14524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
        5⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31942.exe
        5⤵
        
        PID:19264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        6⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20603.exe
        7⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62062.exe
        7⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
        6⤵
        
        PID:10092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        6⤵
        
        PID:16760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        5⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        6⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2298.exe
        6⤵
        
        PID:16888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        5⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46567.exe
        5⤵
        
        PID:18232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
      4⤵
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        6⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        6⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50894.exe
        6⤵
        
        PID:19172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57143.exe
        5⤵
        
        PID:19952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18424.exe
      4⤵
      PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49800.exe
        5⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        5⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        5⤵
        
        PID:19684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
      4⤵
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
      4⤵
      PID:17024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39832.exe
        6⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        8⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
        9⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14878.exe
        9⤵
        
        PID:14556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
        9⤵
        
        PID:18736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        8⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
        8⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
        8⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        7⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        7⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
        7⤵
        
        PID:18052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1902.exe
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        8⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16305.exe
        8⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29303.exe
        8⤵
        
        PID:20040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27329.exe
        7⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        7⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
        6⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        7⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19181.exe
        7⤵
        
        PID:19200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
        6⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15805.exe
        6⤵
        
        PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        5⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        8⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        8⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        8⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30680.exe
        7⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        8⤵
        
        PID:15428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        8⤵
        
        PID:19400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
        7⤵
        
        PID:15532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
        7⤵
        
        PID:18836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10478.exe
        6⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        7⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63451.exe
        8⤵
        
        PID:13604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57838.exe
        8⤵
        
        PID:20352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        7⤵
        
        PID:14140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60582.exe
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54247.exe
        6⤵
        
        PID:17664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32549.exe
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        6⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        7⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        7⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
        6⤵
        
        PID:13868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        6⤵
        
        PID:19944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56223.exe
        5⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        6⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe
        6⤵
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
        6⤵
        
        PID:17624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        5⤵
        
        PID:11892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3143.exe
        5⤵
        
        PID:16448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35326.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        5⤵
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        6⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        7⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        8⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        8⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
        7⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
        7⤵
        
        PID:17036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        6⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
        6⤵
        
        PID:18060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33121.exe
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        6⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
        7⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5939.exe
        7⤵
        
        PID:19888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30933.exe
        6⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        6⤵
        
        PID:17464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
        5⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
        6⤵
        
        PID:11156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        6⤵
        
        PID:17880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        5⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31757.exe
        5⤵
        
        PID:19580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        6⤵
        
        PID:14004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        6⤵
        
        PID:20092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        5⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        5⤵
        
        PID:18892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21739.exe
        5⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9517.exe
        5⤵
        
        PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49318.exe
      4⤵
      PID:10548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22926.exe
      4⤵
      PID:15456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53841.exe
      4⤵
      PID:4800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53355.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62546.exe
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        7⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        7⤵
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
        6⤵
        
        PID:15468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        6⤵
        
        PID:16708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        5⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        6⤵
        
        PID:10868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 616
        6⤵
        Program crash
        
        PID:15904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9854.exe
        5⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42559.exe
        5⤵
        
        PID:16568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22648.exe
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28424.exe
        5⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        6⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe
        6⤵
        
        PID:16340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61119.exe
        6⤵
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
        5⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
        5⤵
        
        PID:16824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
      4⤵
      PID:8840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
      4⤵
      PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
      4⤵
      PID:4812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6769.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28488.exe
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        5⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        6⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
        7⤵
        
        PID:14428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
        6⤵
        
        PID:13652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34479.exe
        5⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47134.exe
        5⤵
        
        PID:19972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
      4⤵
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        5⤵
        
        PID:9440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        6⤵
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        6⤵
        
        PID:20044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 616
        5⤵
        Program crash
        
        PID:12700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3576.exe
      4⤵
      PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33327.exe
      4⤵
      PID:15240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
      4⤵
      PID:3784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40518.exe
    3⤵
    PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51768.exe
      4⤵
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        5⤵
        
        PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        5⤵
        
        PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20785.exe
      4⤵
      PID:10872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
      4⤵
      PID:15608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39364.exe
      4⤵
      PID:17520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
    3⤵
    PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40651.exe
      4⤵
      PID:10780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe
      4⤵
      PID:15552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
      4⤵
      PID:16592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
    3⤵
    PID:11876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
    3⤵
    PID:16556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30664.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64011.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
        5⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53371.exe
        6⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48543.exe
        7⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        8⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        8⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        7⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34479.exe
        7⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        7⤵
        
        PID:20204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38537.exe
        6⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        7⤵
        
        PID:16076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
        7⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21006.exe
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45406.exe
        6⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47542.exe
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
        6⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        7⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59371.exe
        7⤵
        
        PID:18992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10894.exe
        6⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57368.exe
        7⤵
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        6⤵
        
        PID:15060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
        6⤵
        
        PID:19808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2990.exe
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
        6⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        6⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe
        6⤵
        
        PID:17956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59017.exe
        5⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63304.exe
        5⤵
        
        PID:16952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44824.exe
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
        6⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
        7⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        8⤵
        
        PID:15832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13318.exe
        8⤵
        
        PID:17304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        7⤵
        
        PID:15008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        7⤵
        
        PID:19548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26270.exe
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        6⤵
        
        PID:15252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54873.exe
        5⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe
        5⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
        5⤵
        
        PID:19460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
      4⤵
      PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        6⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        7⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58871.exe
        7⤵
        
        PID:17936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        6⤵
        
        PID:12620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2077.exe
        6⤵
        
        PID:18676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
        5⤵
        
        PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        5⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38318.exe
        5⤵
        
        PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
      4⤵
      PID:8088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57782.exe
      4⤵
      PID:11404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55624.exe
      4⤵
      PID:16728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23864.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
        6⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        7⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46472.exe
        8⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15430.exe
        8⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        7⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        7⤵
        
        PID:20084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48175.exe
        6⤵
        
        PID:9872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        6⤵
        
        PID:14324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        6⤵
        
        PID:20032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54303.exe
        5⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
        6⤵
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        6⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        6⤵
        
        PID:19832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
        5⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45790.exe
        5⤵
        
        PID:19096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39265.exe
      4⤵
      PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        6⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46088.exe
        7⤵
        
        PID:15516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        7⤵
        
        PID:16868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-925.exe
        6⤵
        
        PID:19496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        5⤵
        
        PID:13780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
      4⤵
      PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe
        5⤵
        
        PID:16100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-910.exe
      4⤵
      PID:11392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
      4⤵
      PID:17588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50598.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
      4⤵
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        5⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        6⤵
        
        PID:14432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
        6⤵
        
        PID:16704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        5⤵
        
        PID:13404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
        5⤵
        
        PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59606.exe
      4⤵
      PID:9712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31382.exe
        5⤵
        
        PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe
      4⤵
      PID:13492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61751.exe
      4⤵
      PID:5652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
    3⤵
    PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
      4⤵
      PID:7576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exe
        5⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        5⤵
        
        PID:20064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
      4⤵
      PID:9324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
      4⤵
      PID:12532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31413.exe
    3⤵
    PID:8400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
      4⤵
      PID:11140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21134.exe
      4⤵
      PID:1220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
    3⤵
    PID:6816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
    3⤵
    PID:17632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7719.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32363.exe
        7⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34744.exe
        8⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21590.exe
        8⤵
        
        PID:19024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        7⤵
        
        PID:13336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35326.exe
        7⤵
        
        PID:18984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        6⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        6⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        6⤵
        
        PID:18928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41142.exe
        5⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
        6⤵
        
        PID:17308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
        5⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
        5⤵
        
        PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
      4⤵
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
        5⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54550.exe
        6⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57067.exe
        6⤵
        
        PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63353.exe
        5⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
        5⤵
        
        PID:15564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
        5⤵
        
        PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
      4⤵
      PID:8028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60281.exe
      4⤵
      PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5331.exe
      4⤵
      PID:18424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
      4⤵
      PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19947.exe
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50043.exe
        6⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34728.exe
        7⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
        7⤵
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        6⤵
        
        PID:13376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        6⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        5⤵
        
        PID:14236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        5⤵
        
        PID:19468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
      4⤵
      PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5466.exe
        5⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
        6⤵
        
        PID:15880
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 656
        6⤵
        Program crash
        
        PID:15612
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 660
        5⤵
        Program crash
        
        PID:12688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13176.exe
      4⤵
      PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        5⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43110.exe
        5⤵
        
        PID:18348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26399.exe
      4⤵
      PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
      4⤵
      PID:19392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25720.exe
    3⤵
    PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
      4⤵
      PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39608.exe
        5⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23342.exe
        5⤵
        
        PID:15824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
        5⤵
        
        PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
      4⤵
      PID:12720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
      4⤵
      PID:20008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47849.exe
    3⤵
    PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23102.exe
    3⤵
    PID:13024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
    3⤵
    PID:19036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37896.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33505.exe
      4⤵
      PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12087.exe
        5⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        6⤵
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
        6⤵
        
        PID:16676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
        5⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        5⤵
        
        PID:16504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe
      4⤵
      PID:9352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56441.exe
      4⤵
      PID:14020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
      4⤵
      PID:19800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38113.exe
    3⤵
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
      4⤵
      PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14049.exe
        5⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
        5⤵
        
        PID:18976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
      4⤵
      PID:11104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52424.exe
        5⤵
        
        PID:15320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4870.exe
        5⤵
        
        PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
      4⤵
      PID:12792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
    3⤵
    PID:6584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
      4⤵
      PID:11448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47384.exe
      4⤵
      PID:16624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
    3⤵
    PID:10584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
    3⤵
    PID:7368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
    3⤵
    PID:20056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
    3⤵
    PID:804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
      4⤵
      PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41049.exe
        5⤵
        
        PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        5⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        5⤵
        
        PID:19124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31262.exe
      4⤵
      PID:9936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
      4⤵
      PID:14276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37774.exe
    3⤵
    PID:7348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
      4⤵
      PID:10124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
      4⤵
      PID:15556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
      4⤵
      PID:17620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
    3⤵
    PID:7060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
    3⤵
    PID:6608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
    3⤵
    PID:17648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
  2⤵
  PID:5520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52152.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52152.exe
    3⤵
    PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
      4⤵
      PID:10972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1822.exe
      4⤵
      PID:14564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37998.exe
    3⤵
    PID:10620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
    3⤵
    PID:1136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41056.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41056.exe
  2⤵
  PID:7892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
    3⤵
    PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62075.exe
      4⤵
      PID:17084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
    3⤵
    PID:13804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2390.exe
    3⤵
    PID:19312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
  2⤵
  PID:10308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50766.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50766.exe
  2⤵
  PID:14632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
  2⤵
  PID:19440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6720 -ip 6720
1⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6536 -ip 6536
1⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2724 -ip 2724
1⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6692 -ip 6692
1⤵
PID:15128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 9084 -ip 9084
1⤵
PID:3988

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe

Filesize
468KB

MD5
c259a0c1d72199d921631dda1b8381dd

SHA1
4e15620ce9fc7a9654f14fb87435cb922c8ca222

SHA256
fc0b57eff763599fc03c380d1e3c75406dc6a2d665f0450aea277a3d2ada4e69

SHA512
61b843f1fbf6f0182db4e54584b7d103b64484bc5f5fb04cc00b54a22dab00538cd9a32b7268722170e9c7b9f9f8e49ca5a2a98d35e45f505ff1c4e1753d4527

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe

Filesize
468KB

MD5
0e448ffe014768d50ae5de8233ffe0f4

SHA1
88a180eef3c2df14e56efdfaaad72c2bd90d84ca

SHA256
c812f8dd9b229be48c7cf8b74d38993e027d4a7beb4a67ef4b6fe5d3db7384c1

SHA512
a30f3ed389267ebe8607a100dc980f45db21e45001ff24d6d42fea3f18f096a776a1cb1fc55cd63cd9c21997658b95d1bb8a4d485710301a24dc45e21529c4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe

Filesize
468KB

MD5
3ef9533b76d1e25c495a9f0f5a75a709

SHA1
5cde72246d99e04d434d93a6a8d3440abd1c4f19

SHA256
534b163461c6b03ce874b57b31444f04f237710f6910d5d5ef50ef06b35d0ea5

SHA512
a1fe7ebe3d9eeb019ff4f14913d32b1780518e43dc7ad284d4682ca04285e130b89f72e8fae434ab08b0d371481664bf21baa854d1e3845f7818c68795704fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe

Filesize
468KB

MD5
39aae6be9c9e96db207ebcb5f4085c48

SHA1
db049b5fbb1ea556a50d48cf6bf52f4fb6a621ce

SHA256
955d2b21ae2aa3c296509a96fb31307e33e5ec466441941b00471b4a7b78510e

SHA512
0367d41b532bdb5f11e1aae6ebfea9eb51518477fdc3ef77141cc5b72dcc5a506d0ee31f9ef0366f694eed6283ef66b3dd45ffd9680acc123e8b2115b80722a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe

Filesize
468KB

MD5
f7a7a07316ca22a5c2daf89cb18c8783

SHA1
8cd8f19f13436dce9cdc22c111f0d369bde98b21

SHA256
d1d8b74e474693c17a2a8a3b9cfbf07eba71aecffb8aca5e1e933c5726a41c8e

SHA512
5fa5f4c6670d882fcb6853617f12138f95d34db67dcc10ddacf21b2095fe69468a6dc4021a9bf8daecd8c51209ff3b8f171205d5f65b6d204ea48a835785f3f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe

Filesize
468KB

MD5
be55edb83669be224382bb726a860ad4

SHA1
a780191ff52f2c665f47b9aa856338b93d5e52b1

SHA256
d3f8929dae962a80a486eef0ec5c796b48372c79afbad75a9e909432f0e115e5

SHA512
f625474af00695ba272b4100fb153909c2221ebc0ae729906771d7069aee0a4e32df237be2e2f1f32bb3743b6a974b7d63ad6d6aeab999f5267095917f83cd93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe

Filesize
468KB

MD5
ea82fe4d50d334f3ba7c95b317001bde

SHA1
0dab58c5a6d0dfafe91b943916f3b0f67d5cc96f

SHA256
750f15d026462ba67ba4ccb921f60720bbcb46441e9ea17226b78bd8afac1c2f

SHA512
d3e3e1cefc7008800f83b3dceacc57b6ae62afcf5612289e9af8d64a1b8612b5d6a600f3966ad4f23b222f5ffe56cd4a1f26c6094a4b0e2f29812fea13942159

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26507.exe

Filesize
468KB

MD5
fee38ca11ae0c12a7d1b57685839a3ac

SHA1
aade78c23e885943cbf869c93fa27841b242b4a1

SHA256
aad134624675dd39db7bdb516ddea0fc0ada64a830b94284ebc5407f7387bbc1

SHA512
ec77af7f5216f31740d67eb38c72dba5cd81c01bdd0fcf0731fcf007579425b7dc6b160288b075da1820c407ba96ce4a2329d468c69167feacd2169eb7b5480c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27809.exe

Filesize
468KB

MD5
5cd90504e65b0d791aa5b5961bbdaf4d

SHA1
488611dfcbe25a9588e894b6a7015eea527f14d8

SHA256
62a3945c293cc17f6608697e2fb80ea7c2fe71ba8046c698662d116ee617615d

SHA512
d38ce716779e2bc1db6edcc7df9e1b774ca18fba4132871b63511ef4f055fd39755bac62e9cb9a131ec2fec79f24cc11a6d55a65e5bde778f26d246a1a19e194

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe

Filesize
468KB

MD5
8c8fc20cf603d5681e158d3fe880bae6

SHA1
277f4ebcbe12f6648410cfaf832eb282b48566a6

SHA256
0f8fc0093260be33ad66968d9e8ee9c67c9d8c9be8ec91bc40e9e8bfed319874

SHA512
48f72f58c8ced2789f2e8dd74e43097a0401a3b6fd10dc13ba8aa3395607f31b2b61b3097e77b198acfb2f30e10636f65fe317b1dfdb7406e93a851287170e9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30664.exe

Filesize
468KB

MD5
c25b2caecfa2f411c95d3c95e737433a

SHA1
a03ba83b53956d7155f072763adb633727676b24

SHA256
8113a686553ef2e3ac0a5444127d5e745c8b81c2c2234b0b32b38540e7144f87

SHA512
99981a7cc411a91eef5d85a9df12a9fc508d755785b0836d08755928dca8f91d62a7cfd086ab12c69666cc9ff37d7904057d97bb6c275e076bd13f6027826ba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe

Filesize
468KB

MD5
c6c452595b3f2f208b499e14e5c557ed

SHA1
57341bd12f35e2c8299fbb1235c7ec48ee350ac4

SHA256
4049313a93d868047e88293ff5626c845faee31f28e401d33debbdcaf27d414b

SHA512
b3741f41cb1d6482567c4685e836b04e9d2037598cec74a5f17e0553f6207f6ae05059de39c2e19f3e7247cde5eb3a42b0a11e93293025a5ae015a935aeaba03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe

Filesize
468KB

MD5
993da0e16c9a1679b5e5bc2ff268e159

SHA1
e7826248278169ee86233fe760fe3c19951200ae

SHA256
186a5b3e228c38bf1d5dc7c0b6a92120468747c769574191434f58f0485b8d0b

SHA512
d5bd17132a57a77ce92c44df92b41097bd382d750dfd1ba1bb0d3ee839374509fb51f8450af150f561502a72c0b46a435e6107722ce80d313ebed413fb022177

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe

Filesize
468KB

MD5
f8ddf4c4a7718b78dbab3d00320386e3

SHA1
73dcb5eaf261b37b03622049dcaf8a606f2fd250

SHA256
6ab52aa63e26a2f745ae535fd1a91a1967195b5783efccc462fd680e0f8d1777

SHA512
3f968860276d318122e2cf40432c53af43a18ed674ae5f1b9c40d61d15adf5219f7bee98709784c3dcb3ca98548906c0f466e9ab3d28bc6539a9012270620614

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43775.exe

Filesize
468KB

MD5
ea4bb893a2945c64a092db4b3e7256dd

SHA1
ad9ecb09f129372a6c9d9373a9f5228a7dd7649d

SHA256
35960204b9f52326a52277c8ecc0eb5a859994cd75629ab688bc6be8ffb0c8d3

SHA512
3ea553cbdd579cec132249fa8de376cb6b8d9c42c26a465e51c021e8c01e108d641fe2b1fe6bdb836d2bcd412d9c834ca98bc9a52b4cbd9be0dcfe1c704d2aa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44040.exe

Filesize
468KB

MD5
5345ee578a062dd41742727f132d6370

SHA1
782d54bb3910ee9001da5c91e3c28d37c76d970c

SHA256
60c349229366a70fd4455188d0c689a494f45cb34e1ba8cc0a5f50b40642adc3

SHA512
40a6dc06f3aaf618d63e24fe18f3bdef7a5af75c5ce741c0b1e52cb1e9ad4ddad19da9ad26491a707299807fc67f1cfaf8cc311a3ff65062d29e53cbd5be4c09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44187.exe

Filesize
468KB

MD5
456a7dd5520aa86140e567694c56af41

SHA1
fbec3c0d61a5706babed83e29eaf234c37f227d4

SHA256
685bcc4b17a77aacd0a6111fd8ce889b7b99e4cbf957e65b970c01f49c9f587d

SHA512
6eb4414d96134c0115ae56710e1f9e8abc749e688db0aa35639a3369e63cfe650b208729284baae79447e46c8df5768fd184f168a7f6803e581f6757948752be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe

Filesize
468KB

MD5
2afe362131a0dde2de4b57f8d0d1b6eb

SHA1
6121da2b717f5cf0a1f8c9fcecb04c1058ef1db4

SHA256
aca01395a87134b50cc2f4c30e8bceb425b157817abbeecf883f22fa3393d995

SHA512
9fcd322ea81482ab1c0081f563949be68e1ee05b274355965bd89e9c5b7777b3e83bd84be2e1300d828934dc5f0cebe01c12019a86b4b2aea79ece833cbcdc6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe

Filesize
468KB

MD5
8619c51809410df8ffa18e8a6bfb0f19

SHA1
de10f3641b75a29930c06f2d950bc2e81ec5d0dc

SHA256
02a85897aa47e66a1951c0eea7213c3e9dc074865ca28091b0ee3010eb167de3

SHA512
67a9c572bbcf87bd2995404ba35c976af5f76a3a45eab466b81d5540beebf22e3c2194af1e799c70f556c3a67a0652e56b7cc1b3d49f0a6e8600cdb63bce5584

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe

Filesize
468KB

MD5
4fb04992638f72a6ad6429e544cda4f3

SHA1
c8772fc53f2e5ec96bae1a0f28a675fb9ec47e97

SHA256
83aac56ee4224b31c89ddb8d8a52f1ad0cd61fd3b22e0ff59cd22c86f8807966

SHA512
a8b2c88f74506bcff4a03942bbdf17e7d754c72e8fd1cf134266a38e083cc0e34626610ea768faf143b098947cfaa38a36f6f12e968913518b91b913847e5858

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe

Filesize
468KB

MD5
51df3c3036fa4357032113cb8e0e452e

SHA1
05de3f7e57c5186ac773fb281e39e0036644e7b9

SHA256
69710ca89e0fa3bedfbde48a3f06e7455f14a29447f3b4d035d653cf8b1b8bef

SHA512
826eda0427b375a9176f9e0c6945cdcb8ef639ae624c47ffaad428075eb4d5c3f85096cab68db017ab1097a7e51d68b5e2ed666067ce3d4967fb200c990f5909

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50363.exe

Filesize
468KB

MD5
dfb21f55c9757f975db344901514019a

SHA1
fc9649713a65a8821c2206cd1a7ca4b34de88639

SHA256
924fd7cd02a937a473a20604d78e9aaa6c904754b2158656268597d92f75f2bd

SHA512
fe669381dd9a7d6215dac584f8dbeb0023d0e954ae1e2f6df4f44f95863034cf83e2b6f98bffe1647c153b5a13cd6a2fc0538eae361123e553dcb8b04437aefd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe

Filesize
468KB

MD5
81a059cb33347a3f9b398e5cdb4dedf9

SHA1
1a48d4487b1a03a2f9f2f49e33293c2f3715e22f

SHA256
d2fc3d380435cf1defd07fcb6cfa9516be6caecc36cca0b3f1ab5d0bc0b72721

SHA512
e22c085a93a4ed1f9d514a7e6e3137bc254aac9098ce26086c753ce5d093bdcbc1071a0b36ce51048d8ce1ccef0d59d19912088b16b60a1927d1ece50fd82b38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe

Filesize
468KB

MD5
c35677eb415132fe01543a5a238f1de7

SHA1
a4e5032fc3b2ef4bed97ee053531101505581f02

SHA256
8cf2a57053a9de4086cef29035c6b35474d14d3e56629efa045b18bd948dfbbf

SHA512
15222fd81b20d227d98790edfae762bdac30171737a76fd335943ac4663a9fb1cb6a2bafbee4c13ac32ef11a637f6a84f64168d0e52f2a09fd713cad941cd86e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe

Filesize
468KB

MD5
16f7081217a65fcad9ca1afd62b238ae

SHA1
a5bd48482c99a253e6cbac42854fe5ada17837e6

SHA256
e01a22cfe8243f81dce6d9e1ff976d2f3fd61c3896b0f4e13ce8f2340dcdad42

SHA512
30a3afcd43fe2977af22065cf50ef3d6ca9a0bf0c14cc38dd257a0fa6d7ecfbfeb42875f8e07d62012f4e4aedbf3292ff4d6ff2c22bebb393db84e410a96d15b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe

Filesize
468KB

MD5
90122007fcaabdc6aac87f6a513dfc5a

SHA1
01af0445b7c948c8159d4cd28d2707f53ba19a82

SHA256
5ff45fbc2c46d8767127c5d27c9cd1087baa913771d51a549570d27356816b0f

SHA512
cfdf61a5ed8da0825b48223ce6b81c4d868a770e94899c6b795cb26524d3dbb06fad55e71b105f52faaa92ca999c603c7aa89e647ff39e535faae6e8e896f669

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59931.exe

Filesize
468KB

MD5
bb4dbaf7827fa5d61907086d70281811

SHA1
b0a3593744b9e1512c18c7a2fae3cbc4793bfda2

SHA256
27e98bc07d943027b96f558a876c7d621361d911af53da8460b80cb8eaea1626

SHA512
3c1bd1f29fcc5a933ef5b18b8b913a6378735a3df47aab85b849faa861de39b7c5fa3046f5d2af03d1341111797f17d440da35102cee6bfea598d9d4981a5bea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64011.exe

Filesize
468KB

MD5
8a9af0efd664ec6c3f595aa3d94358a4

SHA1
8d1f74390fa6323344c50085cb2162878085ac10

SHA256
872e4b0177950506638e84e1104c0232d59a02abc8bf458a51858d2a9eb94534

SHA512
0d181cab7123852017baa98bc02d5757398b790594381b081edaa2fa9ce657146ece5ec56476336ad7bd6ac72b6480419a9501a0fd21ef8f711dff3373c66463

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe

Filesize
468KB

MD5
938fac231ad3916979fa99494d0ba8e3

SHA1
375d4cec851866fa7165e01c965c8b708b21fde7

SHA256
75b406ac2104767ae4fdd19969250df28734720e4a38d9f618b701ec7b1dff7b

SHA512
6c64513ce399f9c068237888f4ba36c1b81457a2e88b3284aa163c48c85570e82e6050daf14e55df16072caac2d3ea71d6faa16ceed09086f6da8995832e7ec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7902.exe

Filesize
468KB

MD5
dc4adaf9cdb0ba731537790028dd55ab

SHA1
98b9b0e5538dfec88c52dfbb60c3c028fbe18be2

SHA256
cacbce28bfcd4b733608dd300f1ae087310f7a49f240f034a85addb9a882d889

SHA512
b5d343b732192f1d666c84d85f8935407dc53ce0c74a459987f8056431242404b49b7b62e5223cc23dc1faf6a140389215c89feb6926b7955289200422d0a953

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads