79742118eba4d069dd6d911dbf87bac6e45e22bef32dbe13c13970928aa466f6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 14:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1b6a9bee9343229635df338de034f180_NeikiAnalytics.exe
Size

184KB
MD5

1b6a9bee9343229635df338de034f180
SHA1

5c5cefad7b44350b66046192742ca07b2f0a2664
SHA256

79742118eba4d069dd6d911dbf87bac6e45e22bef32dbe13c13970928aa466f6
SHA512

3ebf3c5faef05de99f4f1077a05e81d4221bb23ee0abc80be70895eef0c5d5838b11fc6fe0e07709647834ae9a1b5789e6af2e1e6ed6b6d9510f9a1b88caf208
SSDEEP

3072:qS4fiUonwIJezl2tWWr8b2zx6vNqnviug:qSGoF0l2D8yzx6Vqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2380	Unicorn-63723.exe
1292	Unicorn-28695.exe
2084	Unicorn-12913.exe
1096	Unicorn-18939.exe
3400	Unicorn-18939.exe
3424	Unicorn-52358.exe
3260	Unicorn-25060.exe
4780	Unicorn-63103.exe
3016	Unicorn-2205.exe
608	Unicorn-22071.exe
4552	Unicorn-59574.exe
4544	Unicorn-7772.exe
392	Unicorn-38791.exe
5048	Unicorn-42610.exe
3020	Unicorn-8593.exe
4512	Unicorn-62.exe
5028	Unicorn-20653.exe
4424	Unicorn-40711.exe
4420	Unicorn-32543.exe
2808	Unicorn-12677.exe
812	Unicorn-50917.exe
3864	Unicorn-61131.exe
4492	Unicorn-33097.exe
2928	Unicorn-7846.exe
4504	Unicorn-15749.exe
1944	Unicorn-9884.exe
4988	Unicorn-7084.exe
3096	Unicorn-51531.exe
1680	Unicorn-37233.exe
4920	Unicorn-18837.exe
3644	Unicorn-55039.exe
3856	Unicorn-7876.exe
4636	Unicorn-43533.exe
1136	Unicorn-19243.exe
2528	Unicorn-16097.exe
1032	Unicorn-27795.exe
4476	Unicorn-24265.exe
4876	Unicorn-59891.exe
396	Unicorn-55807.exe
4144	Unicorn-476.exe
4628	Unicorn-10690.exe
1592	Unicorn-56362.exe
4800	Unicorn-10425.exe
2996	Unicorn-29448.exe
2988	Unicorn-51915.exe
1212	Unicorn-43747.exe
4392	Unicorn-63902.exe
3060	Unicorn-51915.exe
3108	Unicorn-55999.exe
3592	Unicorn-55038.exe
1876	Unicorn-36133.exe
3436	Unicorn-47069.exe
3808	Unicorn-8718.exe
4620	Unicorn-12973.exe
2776	Unicorn-24671.exe
3900	Unicorn-28490.exe
1028	Unicorn-33031.exe
3624	Unicorn-18732.exe
4872	Unicorn-59573.exe
848	Unicorn-57535.exe
4584	Unicorn-16237.exe
2216	Unicorn-721.exe
2004	Unicorn-38075.exe
4172	Unicorn-23776.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
8044	7416	WerFault.exe	300
6488	6008	WerFault.exe	213
8012	6240	WerFault.exe	229
8856	7416	WerFault.exe	300
18600	7348	WerFault.exe	328
18604	3436	WerFault.exe	145
10188	19292	Process not Found	1103
10752	12180	Process not Found	1171
9544	10256	Process not Found	506

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	19372	dwm.exe
Token: SeChangeNotifyPrivilege	19372	dwm.exe
Token: 33	19372	dwm.exe
Token: SeIncBasePriorityPrivilege	19372	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4360	1b6a9bee9343229635df338de034f180_NeikiAnalytics.exe
2380	Unicorn-63723.exe
1292	Unicorn-28695.exe
2084	Unicorn-12913.exe
1096	Unicorn-18939.exe
3424	Unicorn-52358.exe
3400	Unicorn-18939.exe
3260	Unicorn-25060.exe
4780	Unicorn-63103.exe
608	Unicorn-22071.exe
3016	Unicorn-2205.exe
392	Unicorn-38791.exe
4552	Unicorn-59574.exe
4544	Unicorn-7772.exe
5048	Unicorn-42610.exe
3020	Unicorn-8593.exe
4512	Unicorn-62.exe
5028	Unicorn-20653.exe
4424	Unicorn-40711.exe
4420	Unicorn-32543.exe
4492	Unicorn-33097.exe
812	Unicorn-50917.exe
3864	Unicorn-61131.exe
2808	Unicorn-12677.exe
1944	Unicorn-9884.exe
2928	Unicorn-7846.exe
4504	Unicorn-15749.exe
4988	Unicorn-7084.exe
3096	Unicorn-51531.exe
1680	Unicorn-37233.exe
4920	Unicorn-18837.exe
3644	Unicorn-55039.exe
3856	Unicorn-7876.exe
4636	Unicorn-43533.exe
1136	Unicorn-19243.exe
2528	Unicorn-16097.exe
1032	Unicorn-27795.exe
4476	Unicorn-24265.exe
4876	Unicorn-59891.exe
4144	Unicorn-476.exe
396	Unicorn-55807.exe
4800	Unicorn-10425.exe
4628	Unicorn-10690.exe
1592	Unicorn-56362.exe
2996	Unicorn-29448.exe
3108	Unicorn-55999.exe
2988	Unicorn-51915.exe
1212	Unicorn-43747.exe
3592	Unicorn-55038.exe
3060	Unicorn-51915.exe
4392	Unicorn-63902.exe
1876	Unicorn-36133.exe
3436	Unicorn-47069.exe
4620	Unicorn-12973.exe
3808	Unicorn-8718.exe
3900	Unicorn-28490.exe
2776	Unicorn-24671.exe
1028	Unicorn-33031.exe
3624	Unicorn-18732.exe
2216	Unicorn-721.exe
4872	Unicorn-59573.exe
2004	Unicorn-38075.exe
4584	Unicorn-16237.exe
848	Unicorn-57535.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4360 wrote to memory of 2380	4360	1b6a9bee9343229635df338de034f180_NeikiAnalytics.exe	92
PID 4360 wrote to memory of 2380	4360	1b6a9bee9343229635df338de034f180_NeikiAnalytics.exe	92
PID 4360 wrote to memory of 2380	4360	1b6a9bee9343229635df338de034f180_NeikiAnalytics.exe	92
PID 2380 wrote to memory of 1292	2380	Unicorn-63723.exe	94
PID 2380 wrote to memory of 1292	2380	Unicorn-63723.exe	94
PID 2380 wrote to memory of 1292	2380	Unicorn-63723.exe	94
PID 4360 wrote to memory of 2084	4360	1b6a9bee9343229635df338de034f180_NeikiAnalytics.exe	95
PID 4360 wrote to memory of 2084	4360	1b6a9bee9343229635df338de034f180_NeikiAnalytics.exe	95
PID 4360 wrote to memory of 2084	4360	1b6a9bee9343229635df338de034f180_NeikiAnalytics.exe	95
PID 1292 wrote to memory of 1096	1292	Unicorn-28695.exe	99
PID 1292 wrote to memory of 1096	1292	Unicorn-28695.exe	99
PID 1292 wrote to memory of 1096	1292	Unicorn-28695.exe	99
PID 2084 wrote to memory of 3400	2084	Unicorn-12913.exe	98
PID 2084 wrote to memory of 3400	2084	Unicorn-12913.exe	98
PID 2084 wrote to memory of 3400	2084	Unicorn-12913.exe	98
PID 2380 wrote to memory of 3424	2380	Unicorn-63723.exe	100
PID 2380 wrote to memory of 3424	2380	Unicorn-63723.exe	100
PID 2380 wrote to memory of 3424	2380	Unicorn-63723.exe	100
PID 4360 wrote to memory of 3260	4360	1b6a9bee9343229635df338de034f180_NeikiAnalytics.exe	101
PID 4360 wrote to memory of 3260	4360	1b6a9bee9343229635df338de034f180_NeikiAnalytics.exe	101
PID 4360 wrote to memory of 3260	4360	1b6a9bee9343229635df338de034f180_NeikiAnalytics.exe	101
PID 1096 wrote to memory of 4780	1096	Unicorn-18939.exe	102
PID 1096 wrote to memory of 4780	1096	Unicorn-18939.exe	102
PID 1096 wrote to memory of 4780	1096	Unicorn-18939.exe	102
PID 1292 wrote to memory of 3016	1292	Unicorn-28695.exe	103
PID 1292 wrote to memory of 3016	1292	Unicorn-28695.exe	103
PID 1292 wrote to memory of 3016	1292	Unicorn-28695.exe	103
PID 3400 wrote to memory of 608	3400	Unicorn-18939.exe	104
PID 3400 wrote to memory of 608	3400	Unicorn-18939.exe	104
PID 3400 wrote to memory of 608	3400	Unicorn-18939.exe	104
PID 2084 wrote to memory of 4552	2084	Unicorn-12913.exe	105
PID 2084 wrote to memory of 4552	2084	Unicorn-12913.exe	105
PID 2084 wrote to memory of 4552	2084	Unicorn-12913.exe	105
PID 2380 wrote to memory of 4544	2380	Unicorn-63723.exe	106
PID 2380 wrote to memory of 4544	2380	Unicorn-63723.exe	106
PID 2380 wrote to memory of 4544	2380	Unicorn-63723.exe	106
PID 3260 wrote to memory of 392	3260	Unicorn-25060.exe	107
PID 3260 wrote to memory of 392	3260	Unicorn-25060.exe	107
PID 3260 wrote to memory of 392	3260	Unicorn-25060.exe	107
PID 4360 wrote to memory of 5048	4360	1b6a9bee9343229635df338de034f180_NeikiAnalytics.exe	108
PID 4360 wrote to memory of 5048	4360	1b6a9bee9343229635df338de034f180_NeikiAnalytics.exe	108
PID 4360 wrote to memory of 5048	4360	1b6a9bee9343229635df338de034f180_NeikiAnalytics.exe	108
PID 3424 wrote to memory of 3020	3424	Unicorn-52358.exe	109
PID 3424 wrote to memory of 3020	3424	Unicorn-52358.exe	109
PID 3424 wrote to memory of 3020	3424	Unicorn-52358.exe	109
PID 4780 wrote to memory of 4512	4780	Unicorn-63103.exe	110
PID 4780 wrote to memory of 4512	4780	Unicorn-63103.exe	110
PID 4780 wrote to memory of 4512	4780	Unicorn-63103.exe	110
PID 1096 wrote to memory of 5028	1096	Unicorn-18939.exe	111
PID 1096 wrote to memory of 5028	1096	Unicorn-18939.exe	111
PID 1096 wrote to memory of 5028	1096	Unicorn-18939.exe	111
PID 608 wrote to memory of 4424	608	Unicorn-22071.exe	112
PID 608 wrote to memory of 4424	608	Unicorn-22071.exe	112
PID 608 wrote to memory of 4424	608	Unicorn-22071.exe	112
PID 3016 wrote to memory of 4420	3016	Unicorn-2205.exe	113
PID 3016 wrote to memory of 4420	3016	Unicorn-2205.exe	113
PID 3016 wrote to memory of 4420	3016	Unicorn-2205.exe	113
PID 3400 wrote to memory of 2808	3400	Unicorn-18939.exe	114
PID 3400 wrote to memory of 2808	3400	Unicorn-18939.exe	114
PID 3400 wrote to memory of 2808	3400	Unicorn-18939.exe	114
PID 1292 wrote to memory of 812	1292	Unicorn-28695.exe	115
PID 1292 wrote to memory of 812	1292	Unicorn-28695.exe	115
PID 1292 wrote to memory of 812	1292	Unicorn-28695.exe	115
PID 3260 wrote to memory of 4492	3260	Unicorn-25060.exe	117

C:\Users\Admin\AppData\Local\Temp\Unicorn-64344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64344.exe
1⤵
PID:18408

C:\Users\Admin\AppData\Local\Temp\1b6a9bee9343229635df338de034f180_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1b6a9bee9343229635df338de034f180_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63723.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63723.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63103.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18837.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33031.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
        8⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2958.exe
        9⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        10⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61525.exe
        10⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
        10⤵
        
        PID:18952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47058.exe
        9⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59413.exe
        9⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23730.exe
        9⤵
        
        PID:18340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4473.exe
        8⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24804.exe
        8⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        8⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24000.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        8⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-825.exe
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-218.exe
        8⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17443.exe
        9⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53602.exe
        9⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        9⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27773.exe
        9⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52870.exe
        8⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51429.exe
        8⤵
        
        PID:16828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
        8⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49641.exe
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2154.exe
        8⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
        8⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
        8⤵
        
        PID:17960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        8⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        7⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51901.exe
        7⤵
        
        PID:14436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
        7⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18732.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
        7⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57587.exe
        8⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54915.exe
        9⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        9⤵
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        8⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        8⤵
        
        PID:15172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
        8⤵
        
        PID:18852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        7⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        8⤵
        
        PID:16716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        8⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
        7⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
        7⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
        7⤵
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
        7⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
        8⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        8⤵
        
        PID:17968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62958.exe
        7⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        7⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27799.exe
        7⤵
        
        PID:18780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
        6⤵
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        6⤵
        
        PID:12064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21642.exe
        6⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55039.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57535.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
        8⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
        9⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        9⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        8⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        8⤵
        
        PID:14528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        8⤵
        
        PID:17944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        8⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57618.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        8⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49938.exe
        8⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        8⤵
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        7⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        7⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25388.exe
        7⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17180.exe
        7⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28859.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47219.exe
        8⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
        8⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        8⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
        7⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        7⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20676.exe
        7⤵
        
        PID:17132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        7⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6200.exe
        6⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 636
        7⤵
        Program crash
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
        6⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1453.exe
        6⤵
        
        PID:16624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        6⤵
        
        PID:18964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39973.exe
        6⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30779.exe
        7⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        8⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        8⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        8⤵
        
        PID:18812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
        8⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
        7⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        7⤵
        
        PID:14764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52205.exe
        7⤵
        
        PID:18456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
        7⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        6⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19067.exe
        7⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        7⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        7⤵
        
        PID:18388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe
        7⤵
        
        PID:18940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        6⤵
        
        PID:10476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20816.exe
        6⤵
        
        PID:13816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        6⤵
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59518.exe
        6⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16237.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exe
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
        7⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11276.exe
        7⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36517.exe
        7⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1504.exe
        6⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
        6⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe
        6⤵
        
        PID:17388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24772.exe
        6⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52217.exe
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        6⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22465.exe
        6⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55469.exe
        6⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52838.exe
        5⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47723.exe
        6⤵
        
        PID:17100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
        6⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        5⤵
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
        5⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        5⤵
        
        PID:7360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4826.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32559.exe
        8⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13586.exe
        9⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49938.exe
        9⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        9⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        8⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        8⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
        8⤵
        
        PID:15828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22615.exe
        8⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        7⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
        8⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
        8⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        8⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
        8⤵
        
        PID:18452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1504.exe
        7⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62050.exe
        7⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe
        7⤵
        
        PID:17372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        7⤵
        
        PID:19196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43135.exe
        8⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
        9⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-125.exe
        9⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-580.exe
        9⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
        8⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46917.exe
        8⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        8⤵
        
        PID:19264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        7⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20676.exe
        7⤵
        
        PID:17140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        7⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        7⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        7⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
        7⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36046.exe
        6⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        6⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4577.exe
        6⤵
        
        PID:16364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24265.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8910.exe
        6⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        8⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
        8⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        8⤵
        
        PID:15732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        8⤵
        
        PID:19404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        7⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        7⤵
        
        PID:16636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
        7⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        7⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
        7⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        7⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
        6⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30224.exe
        6⤵
        
        PID:12844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33881.exe
        6⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57982.exe
        6⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32559.exe
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15418.exe
        7⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        7⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        7⤵
        
        PID:16568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        6⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31680.exe
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26410.exe
        6⤵
        
        PID:17472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
        6⤵
        
        PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
        6⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        7⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61962.exe
        7⤵
        
        PID:15528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 604
        7⤵
        Program crash
        
        PID:18600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26549.exe
        6⤵
        
        PID:11140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        6⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        5⤵
        
        PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
        5⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38171.exe
        5⤵
        
        PID:15468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
        5⤵
        
        PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50917.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43135.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10405.exe
        7⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        7⤵
        
        PID:16876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
        6⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        6⤵
        
        PID:12020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
        6⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24840.exe
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        6⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
        6⤵
        
        PID:17400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        6⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61806.exe
        5⤵
        
        PID:9248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        5⤵
        
        PID:13544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
        5⤵
        
        PID:17840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        5⤵
        
        PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10425.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
        7⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
        8⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
        8⤵
        
        PID:17744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        7⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21757.exe
        7⤵
        
        PID:19288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        7⤵
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        6⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65365.exe
        6⤵
        
        PID:11848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8817.exe
        6⤵
        
        PID:16188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
        6⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39117.exe
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64899.exe
        6⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14859.exe
        7⤵
        
        PID:19332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        6⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        6⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37669.exe
        6⤵
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        5⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59243.exe
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        6⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
        6⤵
        
        PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61282.exe
        5⤵
        
        PID:13004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
        5⤵
        
        PID:16836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        5⤵
        
        PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        5⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
        6⤵
        
        PID:13060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35589.exe
        6⤵
        
        PID:16824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41368.exe
        6⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        5⤵
        
        PID:11424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        5⤵
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        5⤵
        
        PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26501.exe
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
        5⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        5⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
        5⤵
        
        PID:19124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
        5⤵
        
        PID:18928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6390.exe
      4⤵
      PID:9220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
      4⤵
      PID:13420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
      4⤵
      PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16432.exe
      4⤵
      PID:2264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8593.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53503.exe
        8⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        9⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        9⤵
        
        PID:19340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        9⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
        8⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
        8⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        8⤵
        
        PID:18480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23653.exe
        7⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17007.exe
        8⤵
        
        PID:12776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34053.exe
        8⤵
        
        PID:16332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        8⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
        7⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        7⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
        7⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
        7⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        7⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        7⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63813.exe
        6⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        6⤵
        
        PID:12208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21112.exe
        6⤵
        
        PID:15808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50621.exe
        6⤵
        
        PID:19400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11370.exe
        6⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        7⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
        8⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56541.exe
        8⤵
        
        PID:19328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
        8⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        7⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        7⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
        7⤵
        
        PID:19364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61650.exe
        6⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 436
        7⤵
        Program crash
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 392
        7⤵
        Program crash
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49117.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        6⤵
        
        PID:13776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63689.exe
        6⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        6⤵
        
        PID:14648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22907.exe
        6⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6918.exe
        7⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18153.exe
        7⤵
        
        PID:16552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
        7⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10405.exe
        6⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
        6⤵
        
        PID:15760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        6⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
        5⤵
        
        PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        5⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        5⤵
        
        PID:15440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64790.exe
        5⤵
        
        PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37233.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24671.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51967.exe
        7⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32139.exe
        8⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        8⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
        8⤵
        
        PID:17380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        7⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
        7⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
        7⤵
        
        PID:17848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61458.exe
        6⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15610.exe
        7⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exe
        7⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60617.exe
        7⤵
        
        PID:16844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65069.exe
        6⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        6⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        6⤵
        
        PID:18220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26692.exe
        6⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51687.exe
        6⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-146.exe
        7⤵
        
        PID:15492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26165.exe
        6⤵
        
        PID:11568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22028.exe
        6⤵
        
        PID:15800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27440.exe
        5⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
        5⤵
        
        PID:12500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46769.exe
        5⤵
        
        PID:16496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13480.exe
        5⤵
        
        PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2766.exe
        6⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        7⤵
        
        PID:14548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46866.exe
        6⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47353.exe
        6⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
        6⤵
        
        PID:17972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28863.exe
        6⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
        5⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        6⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        6⤵
        
        PID:14996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        6⤵
        
        PID:18732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
        6⤵
        
        PID:18476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        5⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25014.exe
        5⤵
        
        PID:14420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36444.exe
        5⤵
        
        PID:17900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42836.exe
        5⤵
        
        PID:7160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27520.exe
      4⤵
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53503.exe
        5⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        6⤵
        
        PID:17068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-928.exe
        6⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
        5⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27894.exe
        5⤵
        
        PID:15816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18053.exe
      4⤵
      PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
        5⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        5⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        5⤵
        
        PID:18764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
      4⤵
      PID:11084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
      4⤵
      PID:14708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25869.exe
      4⤵
      PID:18216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12348.exe
      4⤵
      PID:6304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38075.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
        6⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        7⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
        7⤵
        
        PID:16516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
        7⤵
        
        PID:19244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        6⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31665.exe
        6⤵
        
        PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12693.exe
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
        6⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
        6⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        6⤵
        
        PID:14824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
        6⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36377.exe
        5⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12905.exe
        6⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4489.exe
        5⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
        5⤵
        
        PID:16344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
      4⤵
      Executes dropped EXE
      PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28859.exe
        5⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
        7⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        7⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
        7⤵
        
        PID:18936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11183.exe
        7⤵
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7281.exe
        6⤵
        
        PID:14180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
        6⤵
        
        PID:19264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        6⤵
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
        5⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        6⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41269.exe
        6⤵
        
        PID:18444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        6⤵
        
        PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
        5⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        5⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
      4⤵
      PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21755.exe
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35279.exe
        6⤵
        
        PID:17000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19080.exe
        6⤵
        
        PID:18852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        5⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        5⤵
        
        PID:14736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11044.exe
      4⤵
      PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39013.exe
      4⤵
      PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38171.exe
      4⤵
      PID:15812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13483.exe
      4⤵
      PID:7424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15749.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51915.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6938.exe
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22611.exe
        6⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        7⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
        7⤵
        
        PID:16140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        7⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
        6⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
        6⤵
        
        PID:13320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        6⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
        5⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
        6⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9585.exe
        5⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
        5⤵
        
        PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
      4⤵
      PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        6⤵
        
        PID:9452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        6⤵
        
        PID:15316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
        6⤵
        
        PID:18908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
        6⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
        5⤵
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        5⤵
        
        PID:12428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        5⤵
        
        PID:17320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63325.exe
      4⤵
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
        5⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61962.exe
        5⤵
        
        PID:14060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63726.exe
      4⤵
      PID:9260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
      4⤵
      PID:14300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2805.exe
      4⤵
      PID:17872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30546.exe
      4⤵
      PID:7232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
        6⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        6⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
        6⤵
        
        PID:19100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        5⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        5⤵
        
        PID:12388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        5⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19735.exe
        5⤵
        
        PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe
      4⤵
      PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4090.exe
        5⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4129.exe
        5⤵
        
        PID:18412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51700.exe
        5⤵
        
        PID:7284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
      4⤵
      PID:9256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
      4⤵
      PID:15136
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 740
      4⤵
      Program crash
      PID:18604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18421.exe
    3⤵
    PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2766.exe
      4⤵
      PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19429.exe
      4⤵
      PID:10068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
      4⤵
      PID:14192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23730.exe
      4⤵
      PID:18348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
    3⤵
    PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
      4⤵
      PID:9336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
      4⤵
      PID:13792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
      4⤵
      PID:17936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
      4⤵
      PID:17692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
    3⤵
    PID:10172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
    3⤵
    PID:14292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
    3⤵
    PID:4048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59521.exe
    3⤵
    PID:11664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40711.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58687.exe
        7⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12714.exe
        8⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
        9⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
        9⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53601.exe
        9⤵
        
        PID:18016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33461.exe
        8⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
        8⤵
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
        8⤵
        
        PID:16968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        7⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63223.exe
        8⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        8⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12568.exe
        8⤵
        
        PID:17864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
        8⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8660.exe
        7⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65278.exe
        7⤵
        
        PID:14076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15064.exe
        7⤵
        
        PID:18376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1873.exe
        6⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14997.exe
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        8⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
        8⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60617.exe
        8⤵
        
        PID:16800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        7⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
        7⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        7⤵
        
        PID:17116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        7⤵
        
        PID:18840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
        7⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18957.exe
        7⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
        7⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61457.exe
        7⤵
        
        PID:18948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        6⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41517.exe
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
        6⤵
        
        PID:17280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
        6⤵
        
        PID:18868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16097.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49943.exe
        6⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12714.exe
        7⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32227.exe
        8⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23041.exe
        8⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        8⤵
        
        PID:14756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64093.exe
        8⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
        7⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18468.exe
        7⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10701.exe
        7⤵
        
        PID:17052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        7⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        6⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
        7⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
        7⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
        7⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
        6⤵
        
        PID:10844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7360.exe
        6⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        5⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53747.exe
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57115.exe
        7⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        7⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50809.exe
        7⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
        7⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39553.exe
        6⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6792.exe
        6⤵
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44142.exe
        6⤵
        
        PID:17336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        6⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53851.exe
        7⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61962.exe
        7⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18957.exe
        6⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        6⤵
        
        PID:14392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
        6⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23741.exe
        5⤵
        
        PID:13756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10298.exe
        5⤵
        
        PID:17996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46155.exe
        5⤵
        
        PID:7268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10690.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
        6⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
        7⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        8⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
        8⤵
        
        PID:16128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        8⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33164.exe
        7⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
        7⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37205.exe
        7⤵
        
        PID:19228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        7⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32101.exe
        6⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        7⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16984.exe
        7⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
        7⤵
        
        PID:18860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7431.exe
        7⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8660.exe
        6⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65278.exe
        6⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15064.exe
        6⤵
        
        PID:18332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64061.exe
        6⤵
        
        PID:17180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48963.exe
        7⤵
        
        PID:15444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21104.exe
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17037.exe
        6⤵
        
        PID:14320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19340.exe
        6⤵
        
        PID:17620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25751.exe
        6⤵
        
        PID:13064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33669.exe
        6⤵
        
        PID:16564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6775.exe
        6⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27432.exe
        5⤵
        
        PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35365.exe
        5⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        5⤵
        
        PID:624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47971.exe
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28039.exe
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        7⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        7⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
        7⤵
        
        PID:19144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
        7⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
        6⤵
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
        6⤵
        
        PID:17884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
        6⤵
        
        PID:18728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61125.exe
        5⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9585.exe
        5⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
        5⤵
        
        PID:15740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10757.exe
      4⤵
      PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60099.exe
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
        6⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        6⤵
        
        PID:18436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35225.exe
        6⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        5⤵
        
        PID:9976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59413.exe
        5⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23730.exe
        5⤵
        
        PID:18396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30015.exe
        5⤵
        
        PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
      4⤵
      PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37181.exe
      4⤵
      PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
      4⤵
      PID:13900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
      4⤵
      PID:18192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59574.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7846.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
        8⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        8⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37702.exe
        8⤵
        
        PID:16888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50820.exe
        8⤵
        
        PID:19220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        7⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        7⤵
        
        PID:17112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        7⤵
        
        PID:17756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27320.exe
        7⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49590.exe
        6⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55699.exe
        7⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18068.exe
        7⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61946.exe
        6⤵
        
        PID:9720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
        6⤵
        
        PID:14740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        6⤵
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
        6⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        7⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16984.exe
        7⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
        7⤵
        
        PID:18900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
        6⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        6⤵
        
        PID:12496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        6⤵
        
        PID:17276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1453.exe
        5⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        6⤵
        
        PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        5⤵
        
        PID:10808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44301.exe
        5⤵
        
        PID:15368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36133.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
        5⤵
        
        PID:6240
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 724
        6⤵
        Program crash
        
        PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        5⤵
        
        PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        5⤵
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
        5⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14684.exe
        5⤵
        
        PID:7392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45349.exe
      4⤵
      PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
        5⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        6⤵
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        6⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
        6⤵
        
        PID:18876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3975.exe
        6⤵
        
        PID:19292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38417.exe
        5⤵
        
        PID:13444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
        5⤵
        
        PID:17272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
      4⤵
      PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        5⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
        5⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56092.exe
        5⤵
        
        PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
      4⤵
      PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
      4⤵
      PID:13676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
      4⤵
      PID:18240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51915.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        5⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-389.exe
        5⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
        6⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        6⤵
        
        PID:15284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
        6⤵
        
        PID:19116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
        6⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49693.exe
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        5⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19340.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        5⤵
        
        PID:9080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        6⤵
        
        PID:15292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
        6⤵
        
        PID:18968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9341.exe
        5⤵
        
        PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
        5⤵
        
        PID:13328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
        5⤵
        
        PID:17264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54520.exe
        5⤵
        
        PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17440.exe
      4⤵
      PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45159.exe
        5⤵
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        5⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64893.exe
        5⤵
        
        PID:16988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53393.exe
        5⤵
        
        PID:8688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39030.exe
      4⤵
      PID:10076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40085.exe
      4⤵
      PID:14184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64066.exe
      4⤵
      PID:18324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63902.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32139.exe
        6⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        6⤵
        
        PID:13308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
        6⤵
        
        PID:17360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        6⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        5⤵
        
        PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
        5⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
        5⤵
        
        PID:17876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
      4⤵
      PID:6980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
      4⤵
      PID:10656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
      4⤵
      PID:5040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14344.exe
    3⤵
    PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30779.exe
      4⤵
      PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
        5⤵
        
        PID:11964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        5⤵
        
        PID:16508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        5⤵
        
        PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42013.exe
      4⤵
      PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42501.exe
      4⤵
      PID:13384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
      4⤵
      PID:16796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55724.exe
      4⤵
      PID:7228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51774.exe
    3⤵
    PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
      4⤵
      PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
      4⤵
      PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
      4⤵
      PID:1540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
    3⤵
    PID:10460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
    3⤵
    PID:13836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
    3⤵
    PID:16932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
    3⤵
    PID:18944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
        6⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12714.exe
        7⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
        8⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18526.exe
        9⤵
        
        PID:19172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
        8⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13860.exe
        8⤵
        
        PID:15692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        8⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58630.exe
        7⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
        7⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
        7⤵
        
        PID:17348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        6⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        7⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24960.exe
        7⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
        7⤵
        
        PID:18984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
        7⤵
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41333.exe
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        6⤵
        
        PID:14216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15064.exe
        6⤵
        
        PID:18368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        6⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
        8⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20545.exe
        8⤵
        
        PID:15768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        8⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62958.exe
        7⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        7⤵
        
        PID:13540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
        7⤵
        
        PID:19276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
        7⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53010.exe
        6⤵
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        6⤵
        
        PID:11872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        6⤵
        
        PID:16252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4691.exe
        6⤵
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        6⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        6⤵
        
        PID:14656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5205.exe
        5⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24132.exe
        5⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        5⤵
        
        PID:18232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        5⤵
        
        PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56362.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34567.exe
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4738.exe
        6⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37213.exe
        7⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        7⤵
        
        PID:18772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49476.exe
        7⤵
        
        PID:19056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33461.exe
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
        6⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39144.exe
        6⤵
        
        PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
        5⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41215.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        6⤵
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        5⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51901.exe
        5⤵
        
        PID:14416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
        5⤵
        
        PID:8800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24352.exe
      4⤵
      PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26311.exe
        5⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13321.exe
        6⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33268.exe
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        6⤵
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58438.exe
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        5⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
        5⤵
        
        PID:15748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57452.exe
        5⤵
        
        PID:9084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55786.exe
      4⤵
      PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1578.exe
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16984.exe
        5⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
        5⤵
        
        PID:18960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17379.exe
        5⤵
        
        PID:7120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29212.exe
      4⤵
      PID:9788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
      4⤵
      PID:14004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
      4⤵
      PID:18208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33097.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9678.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        7⤵
        
        PID:16980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9760.exe
        7⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40949.exe
        6⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-893.exe
        6⤵
        
        PID:13568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19340.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40916.exe
        6⤵
        
        PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65158.exe
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        6⤵
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
        6⤵
        
        PID:18916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        6⤵
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33164.exe
        5⤵
        
        PID:10100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51901.exe
        5⤵
        
        PID:13804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
        5⤵
        
        PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35121.exe
      4⤵
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        5⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        6⤵
        
        PID:11956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
        6⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        6⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56658.exe
        5⤵
        
        PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
        5⤵
        
        PID:13176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        5⤵
        
        PID:16912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50436.exe
        5⤵
        
        PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
      4⤵
      PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
        5⤵
        
        PID:12752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
        5⤵
        
        PID:17292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        5⤵
        
        PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17457.exe
      4⤵
      PID:9736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
      4⤵
      PID:13736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
      4⤵
      PID:17856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49238.exe
      4⤵
      PID:7256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        7⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19445.exe
        7⤵
        
        PID:18268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60252.exe
        7⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62958.exe
        6⤵
        
        PID:10916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        6⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
        6⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58438.exe
        5⤵
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62049.exe
        5⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        5⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        5⤵
        
        PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
      4⤵
      PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
        5⤵
        
        PID:9156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51629.exe
        5⤵
        
        PID:13808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        5⤵
        
        PID:18244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
      4⤵
      PID:9712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe
      4⤵
      PID:13768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5684.exe
      4⤵
      PID:17920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
      4⤵
      PID:18776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1821.exe
    3⤵
    PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56819.exe
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5190.exe
        6⤵
        
        PID:11456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32797.exe
        6⤵
        
        PID:15836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62976.exe
        6⤵
        
        PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31297.exe
        5⤵
        
        PID:10444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23616.exe
        5⤵
        
        PID:13788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
        5⤵
        
        PID:17952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
      4⤵
      PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        5⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52641.exe
        5⤵
        
        PID:16956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45261.exe
        5⤵
        
        PID:32
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
      4⤵
      PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
      4⤵
      PID:13572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9768.exe
      4⤵
      PID:17912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
      4⤵
      PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
    3⤵
    PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
      4⤵
      PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10322.exe
        5⤵
        
        PID:10312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
        5⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
        5⤵
        
        PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
        5⤵
        
        PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
      4⤵
      PID:9856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53933.exe
      4⤵
      PID:15092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
      4⤵
      PID:18804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12143.exe
      4⤵
      PID:5128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64130.exe
    3⤵
    PID:8200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
    3⤵
    PID:12224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16640.exe
    3⤵
    PID:15460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37924.exe
    3⤵
    PID:17196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16607.exe
      4⤵
      PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60431.exe
        5⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3906.exe
        6⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46045.exe
        6⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10405.exe
        5⤵
        
        PID:11392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
        5⤵
        
        PID:15776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        5⤵
        
        PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42869.exe
      4⤵
      PID:8724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
      4⤵
      PID:12404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37754.exe
      4⤵
      PID:16596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
    3⤵
    PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3918.exe
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3882.exe
        5⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48366.exe
        5⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe
        5⤵
        
        PID:18752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10284.exe
        5⤵
        
        PID:7252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27789.exe
      4⤵
      PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
      4⤵
      PID:13340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28006.exe
      4⤵
      PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63072.exe
      4⤵
      PID:8700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37712.exe
    3⤵
    PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53903.exe
      4⤵
      PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
      4⤵
      PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12568.exe
      4⤵
      PID:18004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38681.exe
      4⤵
      PID:19052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
    3⤵
    PID:10296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21154.exe
    3⤵
    PID:13748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
    3⤵
    PID:4316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31116.exe
    3⤵
    PID:19128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7084.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7084.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55999.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10830.exe
      4⤵
      PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
        5⤵
        
        PID:8440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        5⤵
        
        PID:12144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4577.exe
        5⤵
        
        PID:15724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10125.exe
        5⤵
        
        PID:7544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
      4⤵
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        5⤵
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        5⤵
        
        PID:11916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        5⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1924.exe
        5⤵
        
        PID:19008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
      4⤵
      PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28802.exe
      4⤵
      PID:12652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
      4⤵
      PID:16816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53745.exe
      4⤵
      PID:7600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36273.exe
    3⤵
    PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
      4⤵
      PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        5⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
        5⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60176.exe
        5⤵
        
        PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
      4⤵
      PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
      4⤵
      PID:13016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
      4⤵
      PID:3512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
    3⤵
    PID:8604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
    3⤵
    PID:11912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
    3⤵
    PID:16324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
    3⤵
    PID:7136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55038.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55038.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
    3⤵
    PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22611.exe
      4⤵
      PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29236.exe
        5⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
        5⤵
        
        PID:18924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42013.exe
      4⤵
      PID:9044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
      4⤵
      PID:13424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
      4⤵
      PID:17176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57374.exe
    3⤵
    PID:7192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
      4⤵
      PID:9428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37213.exe
      4⤵
      PID:15076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
      4⤵
      PID:18828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57861.exe
    3⤵
    PID:8292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51901.exe
    3⤵
    PID:13660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
    3⤵
    PID:19248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
  2⤵
  PID:5956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61650.exe
    3⤵
    PID:7408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
      4⤵
      PID:9460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37213.exe
      4⤵
      PID:15100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
      4⤵
      PID:18740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31411.exe
      4⤵
      PID:5668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
    3⤵
    PID:10900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
    3⤵
    PID:15208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
  2⤵
  PID:7100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
    3⤵
    PID:9132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
    3⤵
    PID:12032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
    3⤵
    PID:16296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4664.exe
    3⤵
    PID:19100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64714.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64714.exe
  2⤵
  PID:9592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21265.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21265.exe
  2⤵
  PID:13604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25434.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25434.exe
  2⤵
  PID:17904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 7416 -ip 7416
1⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6008 -ip 6008
1⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6240 -ip 6240
1⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 7416 -ip 7416
1⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5684 -ip 5684
1⤵
PID:17932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5832 -ip 5832
1⤵
PID:18476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 8844 -ip 8844
1⤵
PID:1772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5768 -ip 5768
1⤵
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 5956 -ip 5956
1⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 6776 -ip 6776
1⤵
PID:18540

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:19372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11672.exe

Filesize
184KB

MD5
c5896b98e082fa508ba09c92ed764c00

SHA1
cd7f88b9214ed5fcafda30008f72455e70b4f99f

SHA256
c35ea720d46284e2d146287526e944cfcc5672a31cc0dcf9d4a0d7752a435fc8

SHA512
cdf24d30d39c1c5ee91c832e5eb82a1a34518948b818f2ec2a319df137136b937248a602d6a99b67f24f70507a5f0bb49f34762b6d84949d1433ae4333c93c19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe

Filesize
184KB

MD5
a91543a7cf7de4f8c8df9fc34a254d13

SHA1
33632511de6ca56b46dc313863fc6bca32757d4b

SHA256
d8fc5aea184f6422bb7dfc80ce56aa7fa90d1d011e60efe58bd60d641c5ccd55

SHA512
cb3ad094ad6d4f015cc9ace2eb12b375a87bd4e6adaac5b52531a3ea06b0b14ed67d0e2067f732ea16042b0fee8572a26be781f357e2d7ae5c9c9109d6a802ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe

Filesize
184KB

MD5
ac180aa413806aed14fbe19d1f5cf9db

SHA1
940ba624970bc0ecf20e69bc11ac6d92e1e9188b

SHA256
84ce543ea892eadfe1d1912213c858910ea83f8a2fd0d7de857e025d4d5df55c

SHA512
463af6cf281392c99a529f3ca33de4ba688464587f59368bb981e96c13bb31280549b523630d6b408630dc3a6311c76ff84f823b4a97d55a12ef77e968b3944d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15749.exe

Filesize
184KB

MD5
03bd0b7cafc253a36f0036249fc1f519

SHA1
7095ae1534f2c1f70be4e3401c2dd0d0683c473b

SHA256
f1e4cc65d8285e9ecf0f0fd3c0f1fe8c691449d8f230f244b354f8ac037ee022

SHA512
ea04a836648f8f9826c79c498cdc39458bed97d86f9bc9dbc2c41111d976fea41d3f5bd312cc638e094b4339e124a1293179e7ba79ac864ff78299346f996dd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe

Filesize
184KB

MD5
52ce0469c0b2d8f3f8cc8f3a9b139c63

SHA1
365052a6c3621dace77b809e371d75ecb37876ec

SHA256
7afaacb3eaa64338464226e8b3b8761c2a7f130e2415b94a9a2bfa24da75b075

SHA512
64f5410f8eb655d12af83424fcc10faeca90d689ffd069b06bbd3e2584a2f8076a791efd912a60f435668ff78f715416009c4af103db672e835167e4be97a68c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18837.exe

Filesize
184KB

MD5
9f57c7fa120dc25038f4a1f924ea2116

SHA1
bce24a9d1ffb6999f4c3af2d0b8cecdfa43cb0af

SHA256
32dd80a6e736cb0a611fcbb327fd567800ab05b62a560a0b3c31026c47c212d8

SHA512
682f8c0162398300da7caa53a7e5c42b5cafb924348f9d32504ee70320da860ffedc8ff448ae97d1418e0a3c266ea1491980aa79269b6e6d0bc9efd014b781d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe

Filesize
184KB

MD5
75f00e2ae3d32562fb112ef57209e45b

SHA1
a90cec534e09ac5bb9f85b3ec56640f48021e24a

SHA256
4f10576e07ec5f0bc6c08d221b8d167119f68ab7c75f98db4b489849d8aad53c

SHA512
c8cb11c1d8cd271678b8ca34f920f038d6ee2185bbe77544bf79f4ccfcd534630035052a3859654aa0fb311d605439225f1d75b90ba3d0f75145ad148bb84e0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe

Filesize
184KB

MD5
86ed30bf5b1282c3b7e2f68c6aa5c593

SHA1
0468ee9a69bb7e966f49d33d80c06c736514f901

SHA256
dff42289848fa5625bd9b9742aeefacb99946309a9eb48f0cbdae4adad2d1b89

SHA512
a840992271d24d6327da81c1c2019548ecd7d666c97bb12ebc7b148641a7cd7907a6e3bb052be8c3c43837dbbf24795e91609213a297aee8d15d6bf6502198e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe

Filesize
184KB

MD5
044858322870561ecbacf8ed7f455815

SHA1
62d6e9a775af615de7199cae8f64597825717ad9

SHA256
b4c2311a5fe98509fd3d89fded8de148066ae102c514683f7fd0f6e7cf9dd2fb

SHA512
ed6b598c614b996ba0287bd0317368910f0623e2de20708285b234f8a4cd223033882c1fe0d064428299a98fc38f864e912c7085477c1325b290100b1a561cde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe

Filesize
184KB

MD5
e9808ec1e7a322e56932f175bce1e11a

SHA1
87e5815e0054fa8dc05b9040fd0cd93fb2808a1d

SHA256
99a5fcbeab9ace14d9111ac3d9573a03c3acfbd5c6abb8e503e938571b8a63f5

SHA512
d75012ffb6106fcba555e2d8a5ae263676d29b5f1dc0f0ce1e9caa22a5b8d49decd166c6ccc6255aa8c2e45b9a091990fe1a8e83c5283d565be6a1152f1e8b04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe

Filesize
184KB

MD5
afda39dbe1e4f5fc973dfa73e8fa3c60

SHA1
7047849351bc5ac8a5ee83ce6c4010fbb0b5d302

SHA256
5183922e44629554b79fd4cac1bbee1c8105f3713ca5804009a27d35a9f21800

SHA512
5e39f43b02c0d2bf62ebd57c50d902350e7bd127cc4f208d30822e1dc7c10be07387244caaafad5bffaa177675cfed46e14fa163b273fcc3ea4ab9cfc06fcdc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe

Filesize
184KB

MD5
58dfc5b1fbcaa796d3f98f86a34ab5e9

SHA1
ad3e1b37720ab21a878cb403851a748557b9dc1c

SHA256
10be2c619339bf78174b4b618d8046af091cb77357dde03458275d93d52f260f

SHA512
688eba741aaee7103e59d866d1f080edab902450d1afe0992863ec98a23eb8c31c9e23a6e4ccd0b6444a802a1f1a8a0ad10f9238168750881b5e8932897b1753

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27789.exe

Filesize
184KB

MD5
54dbc5cd20e92f8899aef6716568c1a3

SHA1
33b3ef355dff00f4dcd2e5a4b05af7efc9770aa7

SHA256
9f2caba4b1d88be7707811c12632ea8bc235709b558034dded46d31030265572

SHA512
2a9ea5d842e020c60b7e12470cbd8d8cda742f33165dd3a0a4f0d61833b526396c615afab769f5ed96813ef9aabfec42e51dfec2aed9d1a8120277a020489989

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe

Filesize
184KB

MD5
38a4d3a21991193fa7989130c461b5a3

SHA1
cca5a24edb8fcb163c6f10fd077fe9d24d3f16cc

SHA256
6e6a393d37107df3c491d552899b6194aa6bd1e38d76583ecab8e9f9130f0253

SHA512
705993e6537b5a2b03199db2a24d03a090c54e0d20e3cd64460f9bdea70a45ec3547d5e1e901df1fcac2a627a7f900ca21cd686652f5468f5b989d2849b9fd57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe

Filesize
184KB

MD5
17d64669376232f3548b6f258900a353

SHA1
a50853e17e8f25d27a3104380fd722304ea8bf14

SHA256
1a4422a4861adbdf37164d319adb745892a184cd57cc77c5e5b1c05d1875d79b

SHA512
147bea3d16f240b1bd0e8e11fa36ca3e4cce32f558fc6da104e0306c8063bab6a56600da07696e9c9bb26455eaf8ebc58348624353bf4d40dfc6dbcf80147d14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33097.exe

Filesize
184KB

MD5
0b161d5b91efaf986110eee8178dabc9

SHA1
946205f61e8cca8fa32d400f72fa3e8b25d28b92

SHA256
dfcaae2accb71eb393df64b64de00f224f753e7e435254d394636d1565c8f41f

SHA512
c1af7fe33f3daa91ab7125f9be541138f0cea6bdffc40db84222efbb134ccbf0de781c1e4edb22eee820f6fa1fcc73f7bdc309e4b33e213c892870afc7cb17af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37233.exe

Filesize
184KB

MD5
1b72810508c007b662a9441309e0fc98

SHA1
b765cbbaf96ff56f9602bc9988295f17b627f392

SHA256
a6e64f9a5ad5e970b4846b6784818637f45df4b670ef9e35e04f9d0ce18cd9f0

SHA512
805da8339bcd4c62f3665ebe5403092d26bdba1f3c4ef29374402319cca74889ccbc21b07b20859fdef3163029095cbf08f0c29e16f60276d66db01980a9ab81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe

Filesize
184KB

MD5
0d8fe758ce208971cd630c0d00dbe424

SHA1
0c768572a3ecbff3f945ce02b9aa522f6d7afc4c

SHA256
943e257eb5e85f93e111f2264ccbe611d29b3ca5792b17dbf8f6d2c98d286bae

SHA512
555ae2fa5811265ebc0890fafc3183506d2f295ef2c71763a3665952503f503c27eadbbd82f9745511a09bc85177e157863b27ec0723ad636e24e63c28af29ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40711.exe

Filesize
184KB

MD5
c4e952e6ea7c9afe29cf66ff3d860bb6

SHA1
59aaa45695c32f1ea12d4b50689efb69a948a099

SHA256
2508d59ce3f0d11a2d458b487a327df770428dc22cd9baf8c811a8f2c8cafd42

SHA512
c88827a2af0c7c2a28598378d4c4defc5a11dda38b13b36f3f4a538f75bb3f7d0eedab39ad54175deeb34ff40ac771588d46d8c815837b55b1a8926f646411d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe

Filesize
184KB

MD5
5542d917c2ec916fbd1df01ccd758927

SHA1
d2150495f8e18cf34d64558042f2b3bfb1c5c278

SHA256
9c2f966d34ae7469d70ce13ca989b4b4698022088016ad623ab7349c48f0c1c1

SHA512
83e7b356267df503bd6814e3d996614a4a469d7c28b8c139ea73bc90d00cfa4db4aac94e8884f54155dc021acfd91a07830a42dfdfaddac988e554c6fd077d9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe

Filesize
184KB

MD5
68f54f443ba0c75c088b594de6b8ed9f

SHA1
6eaac470dbe23e7ce873e2a44923bc2f2f4016fb

SHA256
3bb5d9b836d5ec7d0100bcc5479e28f6fca4edac0988ffff4dac08c7995d1123

SHA512
d3ade52275d321e34471446e85f52c80b12b5350a608153cc4eb09afe580fb5c5a5be35ea8d24a379d9386975d364e2be60b55529fd599943f84be3f585b6da8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50917.exe

Filesize
184KB

MD5
fcd874bab33a055523e2ac0aa864e655

SHA1
d96f5e333f1cf1227dc1bd458f5b18e730635e2c

SHA256
e8676305280fd4dc66c90f93b500b7f3712abb862ad3420af735bcd2b7ff5390

SHA512
9dd49d5ff0d8d6b6307e823951fbd2576da3534577475edb2f30a136b44be9af3a6a763973109957ee2ea802b70894a10cdbf93060020b0b1ec842121b9230c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe

Filesize
184KB

MD5
31f9b75cbb60843aaa9fb133b3b862d1

SHA1
7047bae035eb068a8f9456fb61e78a6d014dfd0c

SHA256
0f7cc4ec71a2802072377a50dc766a3bac08b7df067c98174c9176787e73e447

SHA512
b0356ebe3636acfc69b4b532c8dbe557cd54a16b8fe38edaed73bebe8ca9de817cfe39b5b4370490664aea1a331328dfed2c80afd08214f3a724298b0277640e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52205.exe

Filesize
184KB

MD5
070e5d956f756a2b0b7bcbdd14b4e914

SHA1
314cc0ec8065b6f2e2d9e59ce670ad800611ab5d

SHA256
f3ac41191bab9a877a339b6061f1a7c6475f9ed3489f342591832cc733baf3c9

SHA512
344baa9cc7bc9f53b2745bfc8a6fd0878d3721c6833dd06efecd61346ada0a6965e6a437eaefebdc6d154e6924f862e5f49e2858ea7f75bf9201eb8a0d18ffdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe

Filesize
184KB

MD5
292b66d546e71b7f36ac40d155bd4491

SHA1
31dbf03baf85e812d33bb1c8a0acd4e4f72253ae

SHA256
a04d6ff332463ef892dd014d2e35bdd879aab56d4289f2c058c880579d54d179

SHA512
d6c1091856443c2c7a345a13b2a742384c7c8972c27005d14f78f49c647f7e56d150209d1fa7a2f878e51b47967a611781da1f53ce3b99c750e2d1e01e52533c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55039.exe

Filesize
184KB

MD5
549c817aeb113fae2bc21c89de4e3249

SHA1
82fab0ddacbc9adac4ee96dc9706e22d338567ec

SHA256
ff8023265e8ba73b267fb62fd3ed51524055397ee4edd1a72107dc7aa304b25c

SHA512
94060e19abb4c932854a54e57ed492d558ed36918c606513ebf38cac4cc29d7c756a3810b7079a52bb168ed06639330ccb777230e06a2e0b6c7b62991c8b1f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe

Filesize
184KB

MD5
46c4f1bbedd2943573a71bc5d743c172

SHA1
21064316f967c4a196ec70cefa57b9c490776b3a

SHA256
0336a75d20fe5a49cb6732252589c1629a0ffc805d5e0d09b649d211b71001cf

SHA512
67fa0af246aa9dd34c8e4c11f4967caa7ec416d90c172e46f900e251c61d0d754c7bbbdf4ba03296f176962a161f32e4c00840c1f66798c23c46a5757faeaacd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59574.exe

Filesize
184KB

MD5
470256a69f9e98759ac9cd5dc855f333

SHA1
fa85be4594636e5f46ab40649c6b2c1216227dd0

SHA256
5109d6aacfa086e57f15be18769f963c0003d8337c4c63de0c3d9c238dcf27ad

SHA512
7892f16787da1afd1d925c2e4e846ca13e7853f8904bcec1074a6d72a3d0afc4e284bd43d1f51354616bfaa4caf47bb42ae0407883aea3903acabef7757b5ed9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe

Filesize
184KB

MD5
8ec3a2f1aa992381c35908e4d0ad9678

SHA1
fc9f52f4b80cd602139c381d2249f4fbf07e6b9a

SHA256
99ae621dfd9c8d424aaf99ddefc1e6db3220109887fc7ca9c0e204b345a641b4

SHA512
3c0caa0a2ab236cd6ce159a31054c046bc4fc28beff62c8782ac4006c8204c9c16081ec59cf68bed4b3829022ccfb9ab22ca52a9897019945154f3b37507ba8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe

Filesize
184KB

MD5
c6e3542979555d0be5e39a8fda24ff35

SHA1
a593947ebe7e2dc01118717c90c80d5e7eb3da7a

SHA256
314c7d6846af95a87d8ec249f040c08f58f204e4edcfe7c79aeef251501a385b

SHA512
80d04c16464bc11b44ab03534792ce6803ed93034c930e78b82c05cc0e803dd12d3f1330ddb23366f132f8ef00614218785f31e82728937aff3089afbefc3b92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63103.exe

Filesize
184KB

MD5
c865ac9fb3cfb31caefd98dbb027cc25

SHA1
20161c71ddafce08230ce90f7617c5c2e75ea089

SHA256
db1bda1608503776c1ee0f7a2507e13184dd10cee7956f07164e1815a4980f05

SHA512
2e35e884c0b88366526ee7f6f88065a30b8f04be686e06b2258a7f0b076c2b76ea31622974d4c1711620ca899b010ba517b96dc8b61d218d75e1fb99a3afb367

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63723.exe

Filesize
184KB

MD5
73998aefb5cee06a742a8d0f2c1b4d8f

SHA1
4c2d3dbb30de5d38b26f98e4754386f9e2a899a8

SHA256
5ebd8e9c1a3045d7ca0dcdd6b8cec0fb647b77f87cae5b3577a185d50b5ade1a

SHA512
5b07bc6067f89c7729bd4de12b68248fa0a40c8f33969d0885f5960c8332cacf969a562988da4fe07e37f39c490917f0be6930579990b4327bf2e79a5938c32a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7084.exe

Filesize
184KB

MD5
db458f586964e0656ba943902b4b069f

SHA1
02ae60eba9a2dd7e37531ead038635c2f70cef70

SHA256
57beca9244e949e41a03d4b68bd912033baed93c49c149ca708f7471b9642701

SHA512
0427748c7de76dc5d8dd7e9530ad6c96032b6036092db1c7d50d30d4b38ada39bd9a4afb33f114433ee3bf2a348e7a3417c4eeff709236b412bdf9fcf7d2ad69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe

Filesize
184KB

MD5
9412a720ce427bc6bc5357a6d4d67ca9

SHA1
1204d1dec726202b1a0a766197fd4e153ab2a94b

SHA256
b8898dbbb2e569c84d558f65860f5de240a2760386b9b571af952f1b742d3124

SHA512
f18c55eed72e978f7e6d4805303730a681ccec2fecf2582ad461e227e8e7c7881ceb024e1c6097724b45274f318d42a151cc7ffaf9fe19b3668b265083f44f45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7846.exe

Filesize
184KB

MD5
0191a17b227f9def3a9772d4c8d06c9e

SHA1
e1eb920397e81d43e456912d830b03d13c13d34e

SHA256
13de18f943017fa74b09d39c6eb2d7bc0be208d441d116eee4a37ab8c90f615f

SHA512
881c1a907acd00ccf0656d3ee34b28bfc656f3e901daec9726996f8c6c312d67603b5403bea51fe07dfb1831b6a4d5f2e3b00db2bcd7c91ee93fc2a8275a873f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8593.exe

Filesize
184KB

MD5
3928934fc47d2f39d3d3507e80138894

SHA1
554a4ea4a2ce9281beb32152cb50eb9f45073ffb

SHA256
5e05fee2c8004bdd96c77039238b890ae4b7e1d42c4eafc23eb24017606633d3

SHA512
3baf9c931a0953c1acdf1f6e77aae45e5c3fc9b2c3b9adf3ff2d34039c8cec8a0d649f0fa46cbae9b5d253924749e03c78609500c053966c3b5c30955efcf199

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe

Filesize
184KB

MD5
08002c3f91734a11b5aa6dacf4b32113

SHA1
9e7cfb3059cdd7ebc307e836cca7de1f9bf49bbd

SHA256
513cbf168942dc09c7ae44dc5217037c7165ba215eac3b3247c16e7d26c53d9d

SHA512
154ed9e4a7c6865f9e33e12c142044b9b6b4a886858e6f70302af5a4ab7ac6e9bbcbbc519c452157253d266352246f15f926b69e9980e55a119b59c6f42df469

Download Submit
memory/4360-4038-0x0000000075940000-0x0000000075956000-memory.dmp

Filesize
88KB

Download
memory/12924-4664-0x00007FFB63820000-0x00007FFB638A3000-memory.dmp

Filesize
524KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads