ba895320c6e51aca16df5f35aad44af5b1b2e2e750695af3d5e8853c36bdbcbc

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe
Size

184KB
MD5

7aa83d511dcb9eb9794ba50a3fed4560
SHA1

687f0a0662c05f4278073903163546f1f34c178c
SHA256

ba895320c6e51aca16df5f35aad44af5b1b2e2e750695af3d5e8853c36bdbcbc
SHA512

cb129cdba436b6d903fa4e2ca3769fd6b46064eb735825e5ab92b2fb0e63eeae74067a1192083fca8d231fd0ffd7776ec9b3d602c87c9ebd603c8cefa0f48816
SSDEEP

3072:9zh/+MoWpBU+8dqFzCHJzfaSzlvVqnviuz:9zjomoqFczCSzldqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4788	Unicorn-1165.exe
4552	Unicorn-62779.exe
2868	Unicorn-41253.exe
2956	Unicorn-47383.exe
1380	Unicorn-60183.exe
1132	Unicorn-47246.exe
4340	Unicorn-27380.exe
1608	Unicorn-27438.exe
4848	Unicorn-31767.exe
1612	Unicorn-64501.exe
1548	Unicorn-54.exe
3624	Unicorn-55918.exe
1564	Unicorn-28020.exe
4036	Unicorn-30820.exe
800	Unicorn-17085.exe
216	Unicorn-30845.exe
4328	Unicorn-51287.exe
3176	Unicorn-50965.exe
2936	Unicorn-37006.exe
4976	Unicorn-54716.exe
1636	Unicorn-40727.exe
4600	Unicorn-8438.exe
2040	Unicorn-36698.exe
3448	Unicorn-25277.exe
4816	Unicorn-45143.exe
1768	Unicorn-31630.exe
3708	Unicorn-56802.exe
512	Unicorn-64613.exe
452	Unicorn-32087.exe
1808	Unicorn-34529.exe
4904	Unicorn-56119.exe
3664	Unicorn-56119.exe
3080	Unicorn-18276.exe
1728	Unicorn-37021.exe
4932	Unicorn-8589.exe
908	Unicorn-21972.exe
3204	Unicorn-41646.exe
3432	Unicorn-45413.exe
4656	Unicorn-20580.exe
4588	Unicorn-27479.exe
4224	Unicorn-40093.exe
424	Unicorn-35502.exe
2676	Unicorn-19991.exe
3024	Unicorn-20567.exe
4836	Unicorn-20567.exe
4228	Unicorn-53239.exe
2196	Unicorn-31902.exe
3700	Unicorn-40110.exe
1084	Unicorn-40110.exe
4448	Unicorn-1469.exe
3972	Unicorn-64428.exe
1468	Unicorn-53493.exe
5064	Unicorn-7556.exe
3868	Unicorn-31867.exe
3120	Unicorn-18132.exe
4472	Unicorn-55214.exe
1836	Unicorn-36308.exe
2468	Unicorn-8182.exe
1668	Unicorn-41550.exe
1040	Unicorn-59054.exe
2772	Unicorn-30740.exe
680	Unicorn-50606.exe
3396	Unicorn-31831.exe
3540	Unicorn-31700.exe

Program crash 11 IoCs

pid	pid_target	Process	procid_target
1716	1548	WerFault.exe	104
5768	3528	WerFault.exe	182
5884	2196	WerFault.exe	143
7032	5304	WerFault.exe	192
8396	5384	WerFault.exe	197
1692	5180	WerFault.exe	279
13168	6152	WerFault.exe	277
15580	1616	WerFault.exe	276
16956	5884	WerFault.exe	284
8184	4996	WerFault.exe	896
13720	7692	Process not Found	317

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	8892	Process not Found
Token: SeChangeNotifyPrivilege	8892	Process not Found
Token: 33	8892	Process not Found
Token: SeIncBasePriorityPrivilege	8892	Process not Found

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
9408	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
460	7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe
4552	Unicorn-62779.exe
2956	Unicorn-47383.exe
2868	Unicorn-41253.exe
1380	Unicorn-60183.exe
1132	Unicorn-47246.exe
1608	Unicorn-27438.exe
4340	Unicorn-27380.exe
4848	Unicorn-31767.exe
1612	Unicorn-64501.exe
1548	Unicorn-54.exe
1564	Unicorn-28020.exe
800	Unicorn-17085.exe
3624	Unicorn-55918.exe
4036	Unicorn-30820.exe
216	Unicorn-30845.exe
4328	Unicorn-51287.exe
3176	Unicorn-50965.exe
2936	Unicorn-37006.exe
4976	Unicorn-54716.exe
1636	Unicorn-40727.exe
4600	Unicorn-8438.exe
3708	Unicorn-56802.exe
2040	Unicorn-36698.exe
1768	Unicorn-31630.exe
4816	Unicorn-45143.exe
512	Unicorn-64613.exe
3448	Unicorn-25277.exe
452	Unicorn-32087.exe
1808	Unicorn-34529.exe
4904	Unicorn-56119.exe
3664	Unicorn-56119.exe
3080	Unicorn-18276.exe
1728	Unicorn-37021.exe
908	Unicorn-21972.exe
3204	Unicorn-41646.exe
4932	Unicorn-8589.exe
3432	Unicorn-45413.exe
4656	Unicorn-20580.exe
4588	Unicorn-27479.exe
4224	Unicorn-40093.exe
424	Unicorn-35502.exe
2676	Unicorn-19991.exe
4836	Unicorn-20567.exe
3700	Unicorn-40110.exe
3024	Unicorn-20567.exe
4448	Unicorn-1469.exe
2196	Unicorn-31902.exe
4228	Unicorn-53239.exe
5064	Unicorn-7556.exe
3972	Unicorn-64428.exe
3120	Unicorn-18132.exe
1084	Unicorn-40110.exe
1468	Unicorn-53493.exe
3868	Unicorn-31867.exe
4472	Unicorn-55214.exe
1836	Unicorn-36308.exe
2468	Unicorn-8182.exe
1668	Unicorn-41550.exe
1040	Unicorn-59054.exe
2772	Unicorn-30740.exe
680	Unicorn-50606.exe
3396	Unicorn-31831.exe
3540	Unicorn-31700.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 460 wrote to memory of 4788	460	7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe	89
PID 460 wrote to memory of 4788	460	7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe	89
PID 460 wrote to memory of 4788	460	7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe	89
PID 460 wrote to memory of 4552	460	7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe	92
PID 460 wrote to memory of 4552	460	7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe	92
PID 460 wrote to memory of 4552	460	7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe	92
PID 460 wrote to memory of 2868	460	7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe	94
PID 460 wrote to memory of 2868	460	7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe	94
PID 460 wrote to memory of 2868	460	7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe	94
PID 4552 wrote to memory of 2956	4552	Unicorn-62779.exe	95
PID 4552 wrote to memory of 2956	4552	Unicorn-62779.exe	95
PID 4552 wrote to memory of 2956	4552	Unicorn-62779.exe	95
PID 2956 wrote to memory of 1380	2956	Unicorn-47383.exe	98
PID 2956 wrote to memory of 1380	2956	Unicorn-47383.exe	98
PID 2956 wrote to memory of 1380	2956	Unicorn-47383.exe	98
PID 2868 wrote to memory of 1132	2868	Unicorn-41253.exe	100
PID 2868 wrote to memory of 1132	2868	Unicorn-41253.exe	100
PID 2868 wrote to memory of 1132	2868	Unicorn-41253.exe	100
PID 4552 wrote to memory of 4340	4552	Unicorn-62779.exe	99
PID 4552 wrote to memory of 4340	4552	Unicorn-62779.exe	99
PID 4552 wrote to memory of 4340	4552	Unicorn-62779.exe	99
PID 460 wrote to memory of 1608	460	7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe	101
PID 460 wrote to memory of 1608	460	7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe	101
PID 460 wrote to memory of 1608	460	7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe	101
PID 1380 wrote to memory of 4848	1380	Unicorn-60183.exe	102
PID 1380 wrote to memory of 4848	1380	Unicorn-60183.exe	102
PID 1380 wrote to memory of 4848	1380	Unicorn-60183.exe	102
PID 2956 wrote to memory of 1612	2956	Unicorn-47383.exe	103
PID 2956 wrote to memory of 1612	2956	Unicorn-47383.exe	103
PID 2956 wrote to memory of 1612	2956	Unicorn-47383.exe	103
PID 1132 wrote to memory of 1548	1132	Unicorn-47246.exe	104
PID 1132 wrote to memory of 1548	1132	Unicorn-47246.exe	104
PID 1132 wrote to memory of 1548	1132	Unicorn-47246.exe	104
PID 1608 wrote to memory of 3624	1608	Unicorn-27438.exe	105
PID 1608 wrote to memory of 3624	1608	Unicorn-27438.exe	105
PID 1608 wrote to memory of 3624	1608	Unicorn-27438.exe	105
PID 460 wrote to memory of 1564	460	7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe	106
PID 460 wrote to memory of 1564	460	7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe	106
PID 460 wrote to memory of 1564	460	7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe	106
PID 4552 wrote to memory of 4036	4552	Unicorn-62779.exe	107
PID 4552 wrote to memory of 4036	4552	Unicorn-62779.exe	107
PID 4552 wrote to memory of 4036	4552	Unicorn-62779.exe	107
PID 2868 wrote to memory of 800	2868	Unicorn-41253.exe	108
PID 2868 wrote to memory of 800	2868	Unicorn-41253.exe	108
PID 2868 wrote to memory of 800	2868	Unicorn-41253.exe	108
PID 4340 wrote to memory of 216	4340	Unicorn-27380.exe	109
PID 4340 wrote to memory of 216	4340	Unicorn-27380.exe	109
PID 4340 wrote to memory of 216	4340	Unicorn-27380.exe	109
PID 4848 wrote to memory of 4328	4848	Unicorn-31767.exe	110
PID 4848 wrote to memory of 4328	4848	Unicorn-31767.exe	110
PID 4848 wrote to memory of 4328	4848	Unicorn-31767.exe	110
PID 1380 wrote to memory of 3176	1380	Unicorn-60183.exe	111
PID 1380 wrote to memory of 3176	1380	Unicorn-60183.exe	111
PID 1380 wrote to memory of 3176	1380	Unicorn-60183.exe	111
PID 1612 wrote to memory of 2936	1612	Unicorn-64501.exe	112
PID 1612 wrote to memory of 2936	1612	Unicorn-64501.exe	112
PID 1612 wrote to memory of 2936	1612	Unicorn-64501.exe	112
PID 2956 wrote to memory of 4976	2956	Unicorn-47383.exe	113
PID 2956 wrote to memory of 4976	2956	Unicorn-47383.exe	113
PID 2956 wrote to memory of 4976	2956	Unicorn-47383.exe	113
PID 3624 wrote to memory of 1636	3624	Unicorn-55918.exe	114
PID 3624 wrote to memory of 1636	3624	Unicorn-55918.exe	114
PID 3624 wrote to memory of 1636	3624	Unicorn-55918.exe	114
PID 1564 wrote to memory of 4600	1564	Unicorn-28020.exe	115

C:\Users\Admin\AppData\Local\Temp\7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7aa83d511dcb9eb9794ba50a3fed4560_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1165.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1165.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60183.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31767.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51287.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50606.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29870.exe
        9⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        10⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        11⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7978.exe
        11⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        11⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        10⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        10⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        10⤵
        
        PID:17212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        9⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        10⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
        10⤵
        
        PID:12392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23882.exe
        10⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45432.exe
        10⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        9⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
        9⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        9⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58189.exe
        9⤵
        
        PID:17676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37711.exe
        9⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe
        9⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
        9⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4026.exe
        9⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        9⤵
        
        PID:16248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
        9⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        8⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        8⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34586.exe
        8⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        8⤵
        
        PID:18180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31700.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
        8⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40122.exe
        9⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        9⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        9⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        9⤵
        
        PID:17300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15727.exe
        9⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
        8⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37396.exe
        9⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
        9⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20455.exe
        9⤵
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61665.exe
        9⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        8⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33812.exe
        8⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        8⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15727.exe
        8⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27460.exe
        7⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
        8⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        8⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7786.exe
        8⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        8⤵
        
        PID:17540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24968.exe
        7⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
        7⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
        7⤵
        
        PID:15332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        7⤵
        
        PID:18216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37021.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
        7⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16660.exe
        9⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
        10⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        10⤵
        
        PID:16188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        10⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34857.exe
        10⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        9⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        9⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        9⤵
        
        PID:17468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
        8⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        8⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        8⤵
        
        PID:15080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        8⤵
        
        PID:18168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12381.exe
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3667.exe
        8⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30692.exe
        8⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        8⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
        8⤵
        
        PID:15576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        7⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
        8⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
        8⤵
        
        PID:18056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        7⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37658.exe
        7⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
        7⤵
        
        PID:17548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
        6⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        8⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12055.exe
        8⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41771.exe
        8⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18707.exe
        8⤵
        
        PID:16604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29271.exe
        8⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14583.exe
        7⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
        8⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe
        8⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14989.exe
        8⤵
        
        PID:18068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        8⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
        7⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46324.exe
        7⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        7⤵
        
        PID:17420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8525.exe
        6⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        7⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41236.exe
        8⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        8⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20621.exe
        8⤵
        
        PID:17176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24343.exe
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
        7⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14454.exe
        7⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51352.exe
        7⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48271.exe
        6⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3450.exe
        6⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe
        6⤵
        
        PID:13004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        6⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
        6⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exe
        6⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50965.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59054.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe
        8⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        9⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        10⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        10⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60459.exe
        10⤵
        
        PID:17792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        10⤵
        
        PID:18284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
        9⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24990.exe
        9⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        9⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
        9⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
        8⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14224.exe
        9⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
        9⤵
        
        PID:12940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
        9⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54114.exe
        8⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3536.exe
        8⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5789.exe
        8⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        8⤵
        
        PID:18008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
        8⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        8⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        8⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        8⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        8⤵
        
        PID:17656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1313.exe
        7⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        7⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        7⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        7⤵
        
        PID:18232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
        7⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
        8⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58100.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        9⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34865.exe
        9⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        8⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        8⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        8⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19866.exe
        7⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61855.exe
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        7⤵
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        7⤵
        
        PID:18196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36682.exe
        7⤵
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27460.exe
        6⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
        7⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        7⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        7⤵
        
        PID:14392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        7⤵
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
        6⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
        6⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        6⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        6⤵
        
        PID:18152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18276.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
        7⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8275.exe
        8⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        8⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        8⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6774.exe
        8⤵
        
        PID:15856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        7⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        7⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        7⤵
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
        7⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        6⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53659.exe
        7⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42446.exe
        7⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36285.exe
        7⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        6⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30795.exe
        6⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
        6⤵
        
        PID:14240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4457.exe
        6⤵
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51301.exe
        5⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2131.exe
        7⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34426.exe
        7⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21677.exe
        7⤵
        
        PID:13468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        7⤵
        
        PID:16520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46104.exe
        6⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
        6⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        6⤵
        
        PID:14192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        6⤵
        
        PID:17432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
        6⤵
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
        6⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        6⤵
        
        PID:10468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7786.exe
        6⤵
        
        PID:14384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
        6⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32055.exe
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42564.exe
        5⤵
        
        PID:11516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
        5⤵
        
        PID:15256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        5⤵
        
        PID:18268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57194.exe
        5⤵
        
        PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8589.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28317.exe
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        8⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58100.exe
        9⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        9⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        9⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61777.exe
        9⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
        8⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        8⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        8⤵
        
        PID:16976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
        7⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7914.exe
        7⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
        7⤵
        
        PID:13984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43558.exe
        7⤵
        
        PID:16904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
        6⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        8⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31098.exe
        8⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        8⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        8⤵
        
        PID:18100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-265.exe
        8⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30842.exe
        7⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
        7⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        7⤵
        
        PID:15964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        7⤵
        
        PID:17104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12041.exe
        7⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exe
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5315.exe
        7⤵
        
        PID:15940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
        7⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        7⤵
        
        PID:17904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7674.exe
        7⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20103.exe
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
        6⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe
        6⤵
        
        PID:16872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
        6⤵
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-310.exe
        6⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63447.exe
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        7⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        7⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        7⤵
        
        PID:17476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16798.exe
        6⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        6⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        6⤵
        
        PID:18248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
        5⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
        6⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14931.exe
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        7⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        7⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        7⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
        6⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        6⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
        6⤵
        
        PID:224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54961.exe
        6⤵
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34394.exe
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16103.exe
        6⤵
        
        PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9719.exe
        5⤵
        
        PID:8540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30861.exe
        5⤵
        
        PID:13832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
        5⤵
        
        PID:16860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
        5⤵
        
        PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54716.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42708.exe
        6⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14931.exe
        8⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        8⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        8⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        8⤵
        
        PID:17492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
        7⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
        7⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
        7⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        7⤵
        
        PID:18136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30196.exe
        6⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        7⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31098.exe
        7⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        7⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        7⤵
        
        PID:18188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4681.exe
        7⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
        6⤵
        
        PID:15788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
        6⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
        5⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36884.exe
        6⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45876.exe
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
        7⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22003.exe
        7⤵
        
        PID:17800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41402.exe
        6⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
        6⤵
        
        PID:11708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        6⤵
        
        PID:15848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31968.exe
        6⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12321.exe
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        6⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        6⤵
        
        PID:16600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
        6⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61028.exe
        6⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55029.exe
        5⤵
        
        PID:12916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47779.exe
        5⤵
        
        PID:15312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
        5⤵
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52210.exe
        5⤵
        
        PID:8116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45413.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        5⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2874.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60631.exe
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        7⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26211.exe
        7⤵
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        7⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        6⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        6⤵
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        5⤵
        
        PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40104.exe
        5⤵
        
        PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5146.exe
        5⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
        5⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39667.exe
        5⤵
        
        PID:18276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32737.exe
        5⤵
        
        PID:17828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
      4⤵
      PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48526.exe
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65393.exe
        6⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        6⤵
        
        PID:14480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        6⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 440
        7⤵
        Program crash
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
        5⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
        5⤵
        
        PID:12000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        5⤵
        
        PID:15500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
        5⤵
        
        PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
      4⤵
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41236.exe
        5⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
        5⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        5⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4761.exe
        5⤵
        
        PID:544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
      4⤵
      PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47209.exe
      4⤵
      PID:12960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
      4⤵
      PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
      4⤵
      PID:2420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27380.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30845.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55214.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3725.exe
        7⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
        9⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29347.exe
        9⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        9⤵
        
        PID:18032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11619.exe
        9⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        8⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        8⤵
        
        PID:12372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        8⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        7⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        7⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        7⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        7⤵
        
        PID:16716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
        7⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        6⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12883.exe
        7⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57592.exe
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
        7⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        7⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
        7⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
        7⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51352.exe
        7⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        6⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
        7⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48580.exe
        7⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
        7⤵
        
        PID:17104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
        7⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
        6⤵
        
        PID:9720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
        6⤵
        
        PID:13064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        6⤵
        
        PID:16016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31408.exe
        6⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36308.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34807.exe
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
        7⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31098.exe
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        7⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        7⤵
        
        PID:18224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52865.exe
        7⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
        6⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49288.exe
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16250.exe
        6⤵
        
        PID:15976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
        6⤵
        
        PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13947.exe
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7024.exe
        6⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54548.exe
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45147.exe
        7⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
        7⤵
        
        PID:15948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12214.exe
        7⤵
        
        PID:18392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        6⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
        6⤵
        
        PID:15320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
        5⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27095.exe
        6⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
        6⤵
        
        PID:13704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
        6⤵
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4761.exe
        6⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
        5⤵
        
        PID:9884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
        5⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        5⤵
        
        PID:16404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8182.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48375.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6832.exe
        7⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
        8⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        8⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        8⤵
        
        PID:17256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
        7⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14454.exe
        7⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        7⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        7⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        6⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        6⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        6⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        6⤵
        
        PID:17216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        6⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37876.exe
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27156.exe
        7⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24739.exe
        7⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        7⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
        6⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        6⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29175.exe
        6⤵
        
        PID:16884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
        6⤵
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        5⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14727.exe
        5⤵
        
        PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        5⤵
        
        PID:12852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
        5⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        5⤵
        
        PID:6160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57742.exe
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18452.exe
        6⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
        7⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20131.exe
        7⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59147.exe
        7⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        6⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        6⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        6⤵
        
        PID:17348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13372.exe
        6⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exe
        5⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
        5⤵
        
        PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
        5⤵
        
        PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64821.exe
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3091.exe
        5⤵
        
        PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3799.exe
        5⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
        5⤵
        
        PID:14264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26295.exe
        5⤵
        
        PID:17312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
      4⤵
      PID:7356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31905.exe
      4⤵
      PID:10932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
      4⤵
      PID:14404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
      4⤵
      PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25673.exe
      4⤵
      PID:6892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        6⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22868.exe
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
        8⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 608
        8⤵
        Program crash
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24343.exe
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
        7⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        7⤵
        
        PID:16128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8047.exe
        7⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        6⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        6⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
        6⤵
        
        PID:14144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        6⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62340.exe
        6⤵
        
        PID:17696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
        5⤵
        
        PID:3528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 212
        6⤵
        Program crash
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41730.exe
        5⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45527.exe
        6⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
        6⤵
        
        PID:12912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12263.exe
        6⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
        6⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11655.exe
        5⤵
        
        PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60408.exe
        5⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
        5⤵
        
        PID:15936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58989.exe
        5⤵
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48655.exe
        5⤵
        
        PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
        5⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3827.exe
        6⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        7⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        7⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        7⤵
        
        PID:18144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        6⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28513.exe
        6⤵
        
        PID:12168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        6⤵
        
        PID:15912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        6⤵
        
        PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        5⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41151.exe
        5⤵
        
        PID:9604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50708.exe
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
        5⤵
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-995.exe
        5⤵
        
        PID:17652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
      4⤵
      PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
        5⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
        5⤵
        
        PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62948.exe
        5⤵
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35329.exe
        5⤵
        
        PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
      4⤵
      PID:7692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
      4⤵
      PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54823.exe
      4⤵
      PID:12596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
      4⤵
      PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36911.exe
      4⤵
      PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
      4⤵
      PID:6704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64613.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22807.exe
        5⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6832.exe
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
        7⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        7⤵
        
        PID:16320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29495.exe
        7⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24343.exe
        6⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14454.exe
        6⤵
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        6⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        5⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-321.exe
        5⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        5⤵
        
        PID:14460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58189.exe
        5⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        5⤵
        
        PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7258.exe
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        5⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58189.exe
        5⤵
        
        PID:17664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        5⤵
        
        PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe
        5⤵
        
        PID:17568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
      4⤵
      PID:7820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7914.exe
      4⤵
      PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40440.exe
      4⤵
      PID:12944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
      4⤵
      PID:17288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24617.exe
      4⤵
      PID:16908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26593.exe
      4⤵
      PID:5520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38100.exe
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2099.exe
        5⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        6⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
        6⤵
        
        PID:18120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        5⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52532.exe
        5⤵
        
        PID:16740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36157.exe
      4⤵
      PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39089.exe
        5⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56600.exe
        5⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
        5⤵
        
        PID:15180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
      4⤵
      PID:9188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47659.exe
      4⤵
      PID:13076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
      4⤵
      PID:15676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
      4⤵
      PID:5964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
    3⤵
    PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53905.exe
      4⤵
      PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45876.exe
        5⤵
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21565.exe
        5⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27853.exe
        5⤵
        
        PID:14820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22003.exe
        5⤵
        
        PID:17808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1057.exe
      4⤵
      PID:9092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
      4⤵
      PID:12772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
      4⤵
      PID:14836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
    3⤵
    PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23892.exe
      4⤵
      PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
      4⤵
      PID:16240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
      4⤵
      PID:18276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
      4⤵
      PID:5736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
    3⤵
    PID:9592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
    3⤵
    PID:12456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
    3⤵
    PID:15688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
    3⤵
    PID:5576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
    3⤵
    PID:6000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1548
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 720
        5⤵
        Program crash
        
        PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25277.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
        7⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
        8⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4026.exe
        8⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        8⤵
        
        PID:16228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        7⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49079.exe
        7⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        7⤵
        
        PID:17264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
        6⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
        7⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        7⤵
        
        PID:15716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60459.exe
        7⤵
        
        PID:17692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48026.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        7⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
        6⤵
        
        PID:9872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24954.exe
        6⤵
        
        PID:14196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1286.exe
        6⤵
        
        PID:17188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5857.exe
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
        6⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64942.exe
        6⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44951.exe
        6⤵
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        6⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        5⤵
        
        PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
        5⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
        5⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        5⤵
        
        PID:18092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60417.exe
        5⤵
        
        PID:8076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22868.exe
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        7⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 624
        7⤵
        Program crash
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24343.exe
        6⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
        6⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        6⤵
        
        PID:15972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43768.exe
        6⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3596.exe
        6⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        5⤵
        
        PID:7804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        5⤵
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        5⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
        5⤵
        
        PID:17508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12557.exe
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23869.exe
        5⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        5⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        5⤵
        
        PID:13612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5434.exe
        5⤵
        
        PID:16564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
        5⤵
        
        PID:17688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43253.exe
      4⤵
      PID:7708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        5⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
        5⤵
        
        PID:15536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3082.exe
        5⤵
        
        PID:16912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
      4⤵
      PID:10568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
      4⤵
      PID:13392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62166.exe
      4⤵
      PID:17376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17085.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45143.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        7⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
        8⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22557.exe
        8⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
        8⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        8⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        7⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
        7⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
        6⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56721.exe
        7⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        7⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        7⤵
        
        PID:17388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34913.exe
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
        6⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43035.exe
        6⤵
        
        PID:14628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52231.exe
        6⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
        5⤵
        
        PID:5304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 708
        6⤵
        Program crash
        
        PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
        5⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
        6⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5315.exe
        6⤵
        
        PID:15996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        6⤵
        
        PID:17900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29495.exe
        6⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
        5⤵
        
        PID:9984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35898.exe
        5⤵
        
        PID:13424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
        5⤵
        
        PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
        5⤵
        
        PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38100.exe
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        6⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        6⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        6⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        6⤵
        
        PID:16968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        5⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        5⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        5⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        5⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41376.exe
        5⤵
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25226.exe
        5⤵
        
        PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6692.exe
      4⤵
      PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22868.exe
        5⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        6⤵
        
        PID:12292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 652
        6⤵
        Program crash
        
        PID:15580
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 636
        5⤵
        Program crash
        
        PID:8396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53864.exe
      4⤵
      PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
        5⤵
        
        PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3011.exe
        5⤵
        
        PID:15820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
        5⤵
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31418.exe
        5⤵
        
        PID:17788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
      4⤵
      PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48771.exe
      4⤵
      PID:13976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
      4⤵
      PID:16960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56802.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53239.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
        6⤵
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45147.exe
        6⤵
        
        PID:12040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14454.exe
        6⤵
        
        PID:16312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
        6⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4207.exe
        6⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        5⤵
        
        PID:428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
        5⤵
        
        PID:12864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        5⤵
        
        PID:15664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31309.exe
        5⤵
        
        PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        5⤵
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
        5⤵
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        5⤵
        
        PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
      4⤵
      PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        5⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44061.exe
        6⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4771.exe
        6⤵
        
        PID:16428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        5⤵
        
        PID:9528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        5⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29748.exe
        5⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
        5⤵
        
        PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47999.exe
      4⤵
      PID:7828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7914.exe
      4⤵
      PID:10272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
      4⤵
      PID:13492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
      4⤵
      PID:17228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7556.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7556.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65339.exe
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8880.exe
        5⤵
        
        PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        5⤵
        
        PID:10496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        5⤵
        
        PID:13844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        5⤵
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
      4⤵
      PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
      4⤵
      PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49854.exe
      4⤵
      PID:14412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
      4⤵
      PID:18256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
      4⤵
      PID:6228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45397.exe
    3⤵
    PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
      4⤵
      PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16614.exe
        5⤵
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        5⤵
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12784.exe
        5⤵
        
        PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48251.exe
      4⤵
      PID:8392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
      4⤵
      PID:14120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44635.exe
      4⤵
      PID:16988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
    3⤵
    PID:7340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
    3⤵
    PID:9916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
    3⤵
    PID:13116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
    3⤵
    PID:16008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25618.exe
    3⤵
    PID:2420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27438.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27438.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40727.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27479.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20622.exe
        6⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28983.exe
        7⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1392.exe
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        8⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        8⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        8⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        7⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        7⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        7⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        7⤵
        
        PID:18072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
        6⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
        7⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45147.exe
        7⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
        7⤵
        
        PID:15988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
        7⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14238.exe
        6⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
        6⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
        6⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
        6⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
        5⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        7⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        7⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        7⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        7⤵
        
        PID:17516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19866.exe
        6⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        6⤵
        
        PID:11484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        6⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        6⤵
        
        PID:18204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7393.exe
        5⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        6⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        6⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        6⤵
        
        PID:14284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        6⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        6⤵
        
        PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
        5⤵
        
        PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
        5⤵
        
        PID:14420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        5⤵
        
        PID:18240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4820.exe
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        6⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30205.exe
        7⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        6⤵
        
        PID:14016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        6⤵
        
        PID:17004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37605.exe
        5⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
        5⤵
        
        PID:12836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
        5⤵
        
        PID:17200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
      4⤵
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        6⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49483.exe
        6⤵
        
        PID:13864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        6⤵
        
        PID:17524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28042.exe
        6⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50811.exe
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        5⤵
        
        PID:11420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10579.exe
        5⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        5⤵
        
        PID:18160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
      4⤵
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        5⤵
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        5⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        5⤵
        
        PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
      4⤵
      PID:8812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38493.exe
      4⤵
      PID:12876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64845.exe
      4⤵
      PID:15328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
      4⤵
      PID:6996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25554.exe
      4⤵
      PID:5916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20580.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
      4⤵
      PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
      4⤵
      PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
        5⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9344.exe
        6⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
        5⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        5⤵
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
        5⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
        5⤵
        
        PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
      4⤵
      PID:7520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63467.exe
      4⤵
      PID:10412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
      4⤵
      PID:14472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54369.exe
      4⤵
      PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2712.exe
      4⤵
      PID:6796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe
    3⤵
    PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22385.exe
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14931.exe
        5⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        5⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        5⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        5⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
        5⤵
        
        PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
      4⤵
      PID:8804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37730.exe
      4⤵
      PID:11860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
      4⤵
      PID:12648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
      4⤵
      PID:18108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
    3⤵
    PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5427.exe
      4⤵
      PID:11852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5315.exe
      4⤵
      PID:15956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
      4⤵
      PID:5176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10170.exe
    3⤵
    PID:8676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
    3⤵
    PID:12840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43314.exe
    3⤵
    PID:15296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21438.exe
    3⤵
    PID:17428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10281.exe
    3⤵
    PID:6228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46578.exe
    3⤵
    PID:18276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
        5⤵
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        6⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5786.exe
        6⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49873.exe
        6⤵
        
        PID:12756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        6⤵
        
        PID:17272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        5⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
        6⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        6⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        5⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        5⤵
        
        PID:13184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        5⤵
        
        PID:17368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
      4⤵
      PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63988.exe
        5⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57588.exe
        6⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18538.exe
        6⤵
        
        PID:13848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44951.exe
        6⤵
        
        PID:17364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
        6⤵
        
        PID:18320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
        5⤵
        
        PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        5⤵
        
        PID:11476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        5⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
        5⤵
        
        PID:18084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
      4⤵
      PID:5884
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 720
        5⤵
        Program crash
        
        PID:16956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
      4⤵
      PID:9788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48771.exe
      4⤵
      PID:13968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
      4⤵
      PID:16996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
      4⤵
      PID:1676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
      4⤵
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31098.exe
        6⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4714.exe
        6⤵
        
        PID:15188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        6⤵
        
        PID:18128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
        6⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
        5⤵
        
        PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43423.exe
        5⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24916.exe
        5⤵
        
        PID:15920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        5⤵
        
        PID:18328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7927.exe
      4⤵
      PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
      4⤵
      PID:9928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
      4⤵
      PID:13320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15706.exe
      4⤵
      PID:15624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
      4⤵
      PID:5868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
    3⤵
    PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
      4⤵
      PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19956.exe
        5⤵
        
        PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        5⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
        5⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12214.exe
        5⤵
        
        PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
      4⤵
      PID:8544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
      4⤵
      PID:14292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
      4⤵
      PID:17248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38955.exe
    3⤵
    PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
      4⤵
      PID:13784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
      4⤵
      PID:16932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42290.exe
    3⤵
    PID:9840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61828.exe
    3⤵
    PID:13296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50829.exe
    3⤵
    PID:15652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35502.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48494.exe
      4⤵
      PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        5⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        6⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        7⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2368.exe
        7⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50536.exe
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        7⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53851.exe
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42446.exe
        6⤵
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3222.exe
        6⤵
        
        PID:16920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        6⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
        5⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
        5⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        5⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        5⤵
        
        PID:17532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
      4⤵
      PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exe
        5⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14118.exe
        5⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe
        5⤵
        
        PID:852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58778.exe
        5⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
        5⤵
        
        PID:7752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14238.exe
      4⤵
      PID:8548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
      4⤵
      PID:13056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31066.exe
      4⤵
      PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9912.exe
      4⤵
      PID:6472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
    3⤵
    PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28983.exe
      4⤵
      PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45876.exe
        5⤵
        
        PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21565.exe
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        5⤵
        
        PID:15840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        5⤵
        
        PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1057.exe
      4⤵
      PID:9200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
      4⤵
      PID:12760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
      4⤵
      PID:14640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
      4⤵
      PID:2616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
    3⤵
    PID:7364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58100.exe
      4⤵
      PID:1408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
      4⤵
      PID:16196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
    3⤵
    PID:9912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33862.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33862.exe
    3⤵
    PID:13372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
    3⤵
    PID:15660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
    3⤵
    PID:6244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2196
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 640
    3⤵
    - Program crash
    PID:5884
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16716.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16716.exe
  2⤵
  PID:5544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
    3⤵
    PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49553.exe
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5315.exe
      4⤵
      PID:15896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
      4⤵
      PID:5220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
    3⤵
    PID:9544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
    3⤵
    PID:14008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
    3⤵
    PID:16944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
  2⤵
  PID:7844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
  2⤵
  PID:10212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
  2⤵
  PID:14224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15094.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15094.exe
  2⤵
  PID:17396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34664.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34664.exe
  2⤵
  PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1548 -ip 1548
1⤵
PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3528 -ip 3528
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2196 -ip 2196
1⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5304 -ip 5304
1⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 5384 -ip 5384
1⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5180 -ip 5180
1⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6152 -ip 6152
1⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1616 -ip 1616
1⤵
PID:15564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5884 -ip 5884
1⤵
PID:15576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2488 -ip 2488
1⤵
PID:7112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1165.exe

Filesize
184KB

MD5
ec3a114035375e6842b256cd8ddc2290

SHA1
610bace7d9852cfb2d5e089f7e324100a3b1803e

SHA256
b803ae5ce3e62dc234c10701e94237d4205142d6eb32828f7d82d284b9754512

SHA512
7abd38645586a83353619f41206912cd3f2db9b155f8b9ae79c2da60fc7a1cf67e123f35f9b9515b0b4e3ccdbd673f8ed9cbf7a09fd264726cb100f214972200

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe

Filesize
184KB

MD5
2465c670e5a2aff1c2e412878beb010d

SHA1
c93f31419ebef5db82ed612880952103dcc63926

SHA256
2634aa52e1c792cf14d6a850f0d46675ca693e46cac0d3a437d43e0c973aef12

SHA512
3fb8e5276e4b0abd3b43b879215c211a3ae9bc7758cc28956511a93b0c0c06b2e22fba2939136eb13638e074d52284b1184545bef320a33cfbf7755f91a8bf1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17085.exe

Filesize
184KB

MD5
c8a23488e89f51b3a6b2c63f616a50ba

SHA1
25b9cff35588e687e630209192c2fb275bcef5c6

SHA256
05b82af1816fbfad5363786f56831067b7fdfffaa916873489b8a74e817bef93

SHA512
6fdc25ff5e18ecda218e7bd817ae522b0dbd0e4c95fd17e91f059dd408239819ae0a083b0d67553da46ed90fa536057594dff6c6634b9b0a599303d51fb183bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25277.exe

Filesize
184KB

MD5
8cb21188e34979f0aeb2ad608b39c034

SHA1
be41fdae1718be763ad66a12e4cbb0d21b3a59ea

SHA256
26672651c033d36a116094c49c999bbe748f7a9c2899339598d893d9aaeb56da

SHA512
dc96ecc0c414aac197ab507d842e97b7d8a14ea60137945a2dda305633eedbf6047220a63ee5d4866595c496d5d2804bb3cbd50e3e1e2276af6adb1785caa1ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe

Filesize
184KB

MD5
b781e8da5d1527538925cc84aafbdf6d

SHA1
2ba756c5b436fd097363b7960fc7051a4a010bf7

SHA256
30d7f6ee8e5de756bf625e4f19af0c7d58ab8047deda74bc90a6a644ce1c6c0f

SHA512
ad66ab7020cd4596934b1ebaf436cdad4fac9bac197fa801f97dff6d20dcc757113a40605c7d0b3e6d852e7ed4b08ad2673ba1257fbf7b64164cf6568b992a23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27380.exe

Filesize
184KB

MD5
3fe71a1293c72f7a667e99ce08c53314

SHA1
027a4d150aab5ccc02b4869833a9632433a4e8ed

SHA256
f61304ad4edfa7461fda539968defaa0ed758e0bf3da0f8789f2233d468263f2

SHA512
be03de8bacff4187f6140868d02847919974431e290ca87a0538986a9ca176067a269c7fd40f63e0bd686458c09e7f0c156853f3ce7d3b1bd568989e43af10d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27438.exe

Filesize
184KB

MD5
926866ce7bb1872eae3faada7b380e9f

SHA1
66821ecede90021587bc5d709c9b89f0b760e1ed

SHA256
80685929cedc30156fbe239a1105bd157fc03fc3c49ed82ec213b5de3e5ff754

SHA512
80642e902bcda0ac25228369eb4cdb90cbbd2c2b315e22f4c237d3b28b680a3ddb8f2c4a26f1d4643c611d06cdf1d447e6b1026d29b6cf654f3f51a0130dbc76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe

Filesize
184KB

MD5
2f600718d7ac8240962dc28807a4976e

SHA1
10e205f080537b29dd143640d30a7bbe124fe2db

SHA256
4f2c521d954db8b6cc53bc78e4468276c58844785344b3d062253e541d957f39

SHA512
48c3b67fd0cff2d3a44a87e9060fd6cf45afea4899df6300d4a5ce0501349193032787d33c95022152df2e986d19f2c338eb1332746319e8c82728f7e00edd2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe

Filesize
184KB

MD5
92c5b60500bd026889ac12622ef85121

SHA1
c4db04acedb276860d432d68cdb6b557b9b3986c

SHA256
1919eaa15c5173701109ca877efaefb0873afb60fa55202c325e6e10bab57fbe

SHA512
d6878d9b2957bbad3603b446c1aa9d17dcd2ea30144eae51e39d9e2a113fb90ad3c1f374bf9b7dd183dcdd8c32a7633e5e947c96fadddd95d05b304b55788908

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30845.exe

Filesize
184KB

MD5
f3937e0cc570cfd19dbccc89cad851af

SHA1
f5252292ea0cd66a73701dd43ab8c328394aad75

SHA256
dbf9ac27657556a22aaa38657c3443b969481a0fdb42970097d09cca2ed6087d

SHA512
befabe2ef40690209448f714766a1afe856c4cc0095ed260004cc7368024f6d46096e2fd54c6e7ca258e35631bec3f02714526de1b19a3cfb09f62bf662a8e1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe

Filesize
184KB

MD5
af6ed3ba9bab3be1e0bc495d3c4be6e7

SHA1
958c9dbe8b13c6f66ae3bfe32b8aca1a625d2998

SHA256
5621ee104b4bd97c664bd4687566e3adfa86acf6e1bbeb2196fe5d144e5d8a5d

SHA512
2b9ab1cf375e9ce5da78454601f9b2513666aaad5a38eefef713ed6c659b28a6ed53e1367385fde4fdf73c17f23093b707b70bdc88d05fcdf45d6aeea27e9713

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31767.exe

Filesize
184KB

MD5
e6bb1af949c921eccec19a915bbc1650

SHA1
d23649d99f0783fac8808cce4b49f46532810c89

SHA256
3d253d45b9091e87630546cdba161eaa1172e258360b5face94aa9626afc1915

SHA512
2d27ee3ff007cb1e33715ab7bedc2f88bea0b266ccdca2f7acec2f27ab68bc2caca54644157557557a6461a0b703fa8a830ffbdea310de7b059d3d875c41fc22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe

Filesize
184KB

MD5
a9d7e9fec7d6f67763241909d864dde7

SHA1
9c7796d3a63b13bbe58c2db2200ab81037d53942

SHA256
d17fefb126103a2fd38d157dc30f6ed42ea1efec2d0811fed365c753de090724

SHA512
891e86c0b87d382f7132f004423463e6fe6a7dfade8fb150f1440d480fc30992dd8af7f72dfbe6d8b89334273e1e2ee12eb244c77f17ec4147a532dbd469e24f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe

Filesize
184KB

MD5
a99ea32f58a2986a7b926b294a7ab051

SHA1
5042c8f31a0f403c6847edc888f4a8c28a11fcc4

SHA256
1feddb950248f4094bdfa1a79030278db2d26b124daa8bae289389c95f1642cb

SHA512
ba8f0ba82a2402dc584d0cb3084aeb66acdd35b966f8f22f81ebcddfef5418c93deeeeceb351f91ac75a8051f6068c3167836b6f63bf9adfc93a0c818b1f12af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe

Filesize
184KB

MD5
6246ab4ad946d10a9051910e183b713b

SHA1
61e172596f6b2fad6cad2cafc8b47f2f43ac45f8

SHA256
644df52f7742fd353a4fad06ea3fe2f5e3dba07ef8602e1f6205f92b0db7f70c

SHA512
4fb7e0c98fd488f317475624ebc6d8a2d29e1d93444942114aa0fd7a4ec15b82d2e4d62ff42cdc38ed4953ae3aa95ba5c4306ba9b722480f7cfb047b4dee4c38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe

Filesize
184KB

MD5
e82a2a9bae84e8fdca67b09249d3760c

SHA1
8246c4018ec7cf2d751b945477eb71a7d9e06de0

SHA256
9b131fa0c6acd03bc17ea7261a6001a1e2d7252752cd1d08cc50c7b98618f13e

SHA512
2dfb35ce4d8aaa0677beed3cdc718b2cfd94b43989fba0ec195d73e112b5fbc169d205c445124b75ea3858d021e1d0ad3c5a42a25a801222c2c31c21eac13365

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe

Filesize
184KB

MD5
3704f8e18dad6288a2c519cbb41fc31d

SHA1
fb40a09e1caa81165eed8b7513433ba57bfaa3a4

SHA256
204f8d0ed382a6269fe59847431498e693c5e8042a2b04b181f96a58357b77ac

SHA512
b3d820084bc51d8ead45f615007273156cd962b8723805e478e9e53478358db58eff8923c6b481c9a1300c75694b6d6dcdd331700420e8885c516ae20d97bc4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40727.exe

Filesize
184KB

MD5
19402ac80d5efbe6e5fdbf8eddd3a77c

SHA1
f5360eb06f77066b0b63d6fc1fa4ce1808133840

SHA256
9da15e6be8b994efe36c0cc27865fd0220ba1b44a365a80b7f6517435c330a84

SHA512
0c0b4f5fb09e31201593b4db2750d428bfb8c84e1909a696d69a4bba831c86b982abc605df2c074a832aec7b688ff074c2dec1667ff372d9b51ec37417b02f4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe

Filesize
184KB

MD5
06db84874bb380e584035e4414e1eece

SHA1
f9f96598aae937c9b296b3871856330897c7f0bc

SHA256
d1a1aa001e76ad03a4412ba9a15322c8a56be3c5d3a17daa18ce9f5b633854c9

SHA512
4e2aca1b259313d413306bcc97ac1b913600a4d0db3176fb43158b99a3efc343f648e1774686687a617944dccf9eb42840dbbd37151a7c475de2d1652649001c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45143.exe

Filesize
184KB

MD5
4562206a5d5aa06a0aa6218a47e3f735

SHA1
28bfa0b6aa7be873788be96f8a5197b0b95c7332

SHA256
77f3172a977e38f2d95ddf607760f3480e3ab80b8aadbf0edc3634c33f8f5ae9

SHA512
429550978dda0b211358e2c31132487ecfca79888a736d638726ad54adfe6917f1a5e5d94d2ddcc4459e91892b0a138783d5ef21d0c41ebbbb3d2c46e0c880f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe

Filesize
184KB

MD5
8e95a90a3187e3e117f6bf0691fb4080

SHA1
418db36d5e5e6d1173e314b4ad0475a981e98e3e

SHA256
55c28331795e5e2d7439e7852231464c35e0993ae1d26df0ab4da3a90029f018

SHA512
812d09c7838ea2f95b8658f6906816c6bab27d60e724ae342a7db82a5f905414a2377baad0e2dbfd460e518b994a867dea3ced61350fc473e9f8ad61bb3f4e71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe

Filesize
184KB

MD5
64c8be4fe2238bdbcc72898a69c822f0

SHA1
d77ae9d5b9641f2c0e770efd9721345a0e2854be

SHA256
8ed42c92a23863be8eef882b8eeb1ccd1e58ab5918156c182bd23d2b059d2bcf

SHA512
32d546f9c9bf7b0abfdd3e7674f9e2c941302b78bbda86c5d8fc198dcb4832ac60948ae428c8e4f9405606c98d8d43a95a73170b849cb29a22b159e7b1f70fab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50965.exe

Filesize
184KB

MD5
b47c22483e37f7eace69c9718f0586be

SHA1
c6f6845c5c0f958721198f56a78c5aea8239f8ef

SHA256
d489c8f1ee89be2ca4c386a3b98a480d4b30ff99b902d8039d38b6a83d1e7815

SHA512
c3584abdb50cc60f1d2026f7b562fb54f8192300fb02d3335967dae52822a5be58e786a66d6ec6dc82918a13b8395abd2526610e3956ff08349872d5f937e0ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51287.exe

Filesize
184KB

MD5
e1436f9ba8f2443dbcc28b3423e4473a

SHA1
9534155f3a408958375041481e189df5b655b6f1

SHA256
9ad34086787f1475b8e2c451d9b0c3cd76524c8bca2479b353a5368c6ecc974c

SHA512
7fed173131c3c7c278c130b20099acccafcd1625b43cac3554d65b44cdd9e952521ff5253af1a1545ec766f008ca3f0771e09418530ac3cd7606e0de9e2ed70b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54.exe

Filesize
184KB

MD5
c6e3ef9ec540be6c8d146ba7c7a270ad

SHA1
4b1b7ddf6d08c7f8f088895e97d7aa35037d8744

SHA256
74911c1adebaf491cf7760e8b93dd9d9e0480e373c6fedc90a9d493d8b376ee8

SHA512
42bf48bc6e68d827c277cb81ef4e2a2587fb4e486618ad3ce7d0777bac3a5d0c6d9b86549d5cb8d9e0b4457c806b3bd2903bfaa1d6b53ff09ca8048dc4d9446a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54716.exe

Filesize
184KB

MD5
7a5acc0de28d4d50599a525b0ab6cac7

SHA1
3bb3f92129ef119191e092a43ad4491523ad2a1a

SHA256
e03aefa8561b849e5d50ad16c8aabe0eda685843a8a1f84ef10adef3331571ae

SHA512
d8bc0dfa0a795e90837f6b156d4e6c59b9d7bae5d7ed7a433a875d9d5e0cabb0468d8b6764ba58a260ac279219d133d39adf25906411b5fd4de67a931d8c390a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe

Filesize
184KB

MD5
91025130ddf0545c0b1c3fa61b7383e8

SHA1
58178bfe39765cd4396929393e808fc1ec8062d4

SHA256
6b9b2e49d025aeae6f393f1a5195d5d27d1db2228c60fb7db063b2d321908bb9

SHA512
a8ffe2d8a1e1be537bd6b3a8a932e5ed8940f524433f4e4384dd085f4890baa5c8b5505d855573bb9ff96de71770033844391b2f78cee9d52369c5b43a461fb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe

Filesize
184KB

MD5
f55b23a34bd6c71c4c9a5955cc66abd8

SHA1
c032d8e3a49db0e8907ef418b974dd772a076750

SHA256
0bdef7a074d095bd59d0105564c6ce7fd4ed38ee147947ae70295537d318491d

SHA512
5ad55181da10f088395c8926061b3778ee9bda5087c54f3d0ad8dff27637676b303bb9454ad634ea7b19932cc9fc2693c5fb66ed3bce3811aa9c4f932de2d5fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56802.exe

Filesize
184KB

MD5
4f4566db0a8bdcdcaefa04d3c4226f93

SHA1
716abf49c77fcf8546adc104a36a742b2f3626ea

SHA256
429d4164b1aa38404434ba9a42b5988a8c9048bde0d8f5e01be4670966500b69

SHA512
ac5fc8f26c1d1f4f86e30354e0e97900e579f8f9bbd8dcc7675db8e0f03e979675c22bab92a048528be7052571b813a63d583250fdd369509a26d2dae42b6b21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60183.exe

Filesize
184KB

MD5
2f5458e4f59cee50ef44d4ff971d12af

SHA1
f4110b11236d3215c36336d0ac1c53914b73bc42

SHA256
35b9d041b106857924ecefbe8e4975373ebc7447fedcf03d070a0ae90d107158

SHA512
010df8841944d7a86dc74a5f23896e44ebd88937f8776c4dad3196780f500ac3ea3076700c1d66a2c7d250b1fb4654e6b83cd37c9081ca92430618572e679b5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe

Filesize
184KB

MD5
62be7085c2ebf9b822883572878de12d

SHA1
c5df7582952d30df91c012e9779e52797dbe43f3

SHA256
644dfd26f5dabc4e6091f1a879d23ec88e3ce62b7de41ead2f765ff95cb64549

SHA512
997d96e01ba3417e99c535d770357cb8ff1a635d62bde06c6db7c5fcbf7f60bbdf75a05fe4984c1e2bd1e680afc0da31b5f10be69cc92f4b7ea94275ad9e9e9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe

Filesize
184KB

MD5
66577b4507135663fc253bb537e9b168

SHA1
815f44e76f55723699704e414678dd33660f0a3b

SHA256
86f855b6f033471876fec8d877a94d8d2b07ffa718ac6f4bb55e4066801c34a3

SHA512
594feb729278d41c7c5a6ba78a38d8d17764bed201be16ee1a151956dad16d6c8aaa7486141928c1896774b59ba9ffc568ad46c02760dd61edcaf68a109a6951

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64613.exe

Filesize
184KB

MD5
c928c38cefcf03617a3b4979eb3af924

SHA1
a95da16c35f28b0467fd0c781a7695d101ad4894

SHA256
30be443ba935138709556bdc1bb8c1334016aaee98154a549cad3205ad8b95fa

SHA512
607773def6207066d2c0d2fac4b5fde5454f7dc5b4d3c20fb4dce7db6a768397daa0c2c8a3ee92e40de0dfa82a428cbce21de52792c4a01131ccba82849319fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65393.exe

Filesize
184KB

MD5
e6eaa8352342edabd4db716a8e8cd888

SHA1
ab31fafe69886e536e444c6d025aa13d0eeb4d75

SHA256
47a4c6021ccaabb02ae797b19b4b7bba7049a57953b9031acc17f10ba47aa4ed

SHA512
5097cf489bb441ab1bbbfae21b5002f3cea87836e87fede155bd206f011b846e0353bdd4972bb64f43d4a6be8b1c8cbe25b8870ce6ea5e4b35900c1a2aaad8b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe

Filesize
184KB

MD5
2f523092d5f64d43f4a99d3577583f3e

SHA1
19cd6649fb58900d92efc11332a21c93c075fd15

SHA256
1009d536f47669b24882fb0e26d28fe9e49c15fd5002d190c43c678c0644d145

SHA512
ea2fc7d5a2ee5b0bcefde9deba45d826464cf5629c6ecfcad591d1554424fa987ae689f069fa6666b23e8d7677f97192525d48f96113a484161b28417e2f2c29

Download Submit
memory/3476-2978-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5916-3510-0x00007FFCB8E70000-0x00007FFCB8EC9000-memory.dmp

Filesize
356KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads