135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2

Analysis

max time kernel
150s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe
Size

184KB
MD5

3cb58f87f6c1e22ad79050e9f439da50
SHA1

9875542690449cf167df3a8b339eb652ac3a3178
SHA256

135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2
SHA512

82976b4bc63b539976c2f454a65a6b1d110e167a2510c4d567fb513e19c9f6e0cc411732d2961899a9a0d32eb23298540388d9e3e136c77bb9f133ce442bc53c
SSDEEP

3072:LJcumzoIJzxBdrItWPo8bGUQlvnvnviuR:LJcoyPrIj8KUQlPvnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4644	Unicorn-10112.exe
4132	Unicorn-1088.exe
4416	Unicorn-54928.exe
4868	Unicorn-10527.exe
5080	Unicorn-14056.exe
372	Unicorn-24454.exe
4296	Unicorn-6376.exe
2780	Unicorn-24942.exe
1632	Unicorn-47601.exe
4216	Unicorn-64129.exe
4552	Unicorn-14663.exe
1624	Unicorn-44264.exe
216	Unicorn-31657.exe
4572	Unicorn-44656.exe
3236	Unicorn-15512.exe
5016	Unicorn-31584.exe
448	Unicorn-9072.exe
5112	Unicorn-22071.exe
2812	Unicorn-50489.exe
5020	Unicorn-57895.exe
1964	Unicorn-25985.exe
3568	Unicorn-42321.exe
1608	Unicorn-51183.exe
1124	Unicorn-22455.exe
3128	Unicorn-24169.exe
560	Unicorn-22367.exe
2524	Unicorn-26281.exe
744	Unicorn-33878.exe
3496	Unicorn-50977.exe
4740	Unicorn-1776.exe
2352	Unicorn-20342.exe
1380	Unicorn-21599.exe
5048	Unicorn-8984.exe
3760	Unicorn-25321.exe
1104	Unicorn-43887.exe
4008	Unicorn-21983.exe
2604	Unicorn-11096.exe
1920	Unicorn-7567.exe
1528	Unicorn-19457.exe
2364	Unicorn-19457.exe
1724	Unicorn-44153.exe
2488	Unicorn-60489.exe
2408	Unicorn-54359.exe
1684	Unicorn-24287.exe
2428	Unicorn-59720.exe
5092	Unicorn-44153.exe
4604	Unicorn-60224.exe
892	Unicorn-42913.exe
3440	Unicorn-59249.exe
3556	Unicorn-39383.exe
3944	Unicorn-4110.exe
3796	Unicorn-42337.exe
1464	Unicorn-22663.exe
1824	Unicorn-19753.exe
4668	Unicorn-32751.exe
1360	Unicorn-30342.exe
2864	Unicorn-12160.exe
4304	Unicorn-51657.exe
4980	Unicorn-2648.exe
4960	Unicorn-2648.exe
3164	Unicorn-18985.exe
4804	Unicorn-35513.exe
4848	Unicorn-35513.exe
2796	Unicorn-13046.exe

Program crash 14 IoCs

pid	pid_target	Process	procid_target
5840	2228	WerFault.exe	166
7268	2228	WerFault.exe	166
17476	15000	WerFault.exe	720
17784	15192	WerFault.exe	721
17820	14752	WerFault.exe	724
17864	15200	WerFault.exe	722
18948	17084	WerFault.exe	821
19012	17128	WerFault.exe	822
18976	17112	WerFault.exe	834
18476	18924	WerFault.exe	924
2296	19016	WerFault.exe	927
16128	11240	Process not Found	1246
8776	6608	Process not Found	333
15324	9916	Process not Found	1233

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2924	svchost.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	6264	Process not Found
Token: SeChangeNotifyPrivilege	6264	Process not Found
Token: 33	6264	Process not Found
Token: SeIncBasePriorityPrivilege	6264	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4068	135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe
4644	Unicorn-10112.exe
4416	Unicorn-54928.exe
4868	Unicorn-10527.exe
5080	Unicorn-14056.exe
372	Unicorn-24454.exe
4296	Unicorn-6376.exe
2780	Unicorn-24942.exe
1632	Unicorn-47601.exe
4216	Unicorn-64129.exe
4552	Unicorn-14663.exe
1624	Unicorn-44264.exe
216	Unicorn-31657.exe
4572	Unicorn-44656.exe
5016	Unicorn-31584.exe
3236	Unicorn-15512.exe
448	Unicorn-9072.exe
5112	Unicorn-22071.exe
2812	Unicorn-50489.exe
1964	Unicorn-25985.exe
3568	Unicorn-42321.exe
5020	Unicorn-57895.exe
1608	Unicorn-51183.exe
1124	Unicorn-22455.exe
3128	Unicorn-24169.exe
560	Unicorn-22367.exe
2524	Unicorn-26281.exe
744	Unicorn-33878.exe
4740	Unicorn-1776.exe
3496	Unicorn-50977.exe
1380	Unicorn-21599.exe
2352	Unicorn-20342.exe
5048	Unicorn-8984.exe
1104	Unicorn-43887.exe
4008	Unicorn-21983.exe
3760	Unicorn-25321.exe
2604	Unicorn-11096.exe
1920	Unicorn-7567.exe
2488	Unicorn-60489.exe
2364	Unicorn-19457.exe
5092	Unicorn-44153.exe
1528	Unicorn-19457.exe
2408	Unicorn-54359.exe
1684	Unicorn-24287.exe
2428	Unicorn-59720.exe
1724	Unicorn-44153.exe
4604	Unicorn-60224.exe
892	Unicorn-42913.exe
3440	Unicorn-59249.exe
3556	Unicorn-39383.exe
3944	Unicorn-4110.exe
3796	Unicorn-42337.exe
1464	Unicorn-22663.exe
1824	Unicorn-19753.exe
4668	Unicorn-32751.exe
1360	Unicorn-30342.exe
2864	Unicorn-12160.exe
4960	Unicorn-2648.exe
4304	Unicorn-51657.exe
4980	Unicorn-2648.exe
3164	Unicorn-18985.exe
4804	Unicorn-35513.exe
4848	Unicorn-35513.exe
1672	Unicorn-24007.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 4644	4068	135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe	86
PID 4068 wrote to memory of 4644	4068	135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe	86
PID 4068 wrote to memory of 4644	4068	135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe	86
PID 4644 wrote to memory of 4132	4644	Unicorn-10112.exe	89
PID 4644 wrote to memory of 4132	4644	Unicorn-10112.exe	89
PID 4644 wrote to memory of 4132	4644	Unicorn-10112.exe	89
PID 4068 wrote to memory of 4416	4068	135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe	90
PID 4068 wrote to memory of 4416	4068	135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe	90
PID 4068 wrote to memory of 4416	4068	135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe	90
PID 4644 wrote to memory of 4868	4644	Unicorn-10112.exe	93
PID 4644 wrote to memory of 4868	4644	Unicorn-10112.exe	93
PID 4644 wrote to memory of 4868	4644	Unicorn-10112.exe	93
PID 4416 wrote to memory of 5080	4416	Unicorn-54928.exe	94
PID 4416 wrote to memory of 5080	4416	Unicorn-54928.exe	94
PID 4416 wrote to memory of 5080	4416	Unicorn-54928.exe	94
PID 4068 wrote to memory of 372	4068	135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe	96
PID 4068 wrote to memory of 372	4068	135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe	96
PID 4068 wrote to memory of 372	4068	135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe	96
PID 4868 wrote to memory of 4296	4868	Unicorn-10527.exe	97
PID 4868 wrote to memory of 4296	4868	Unicorn-10527.exe	97
PID 4868 wrote to memory of 4296	4868	Unicorn-10527.exe	97
PID 4644 wrote to memory of 2780	4644	Unicorn-10112.exe	99
PID 4644 wrote to memory of 2780	4644	Unicorn-10112.exe	99
PID 4644 wrote to memory of 2780	4644	Unicorn-10112.exe	99
PID 5080 wrote to memory of 1632	5080	Unicorn-14056.exe	101
PID 5080 wrote to memory of 1632	5080	Unicorn-14056.exe	101
PID 5080 wrote to memory of 1632	5080	Unicorn-14056.exe	101
PID 372 wrote to memory of 4216	372	Unicorn-24454.exe	102
PID 372 wrote to memory of 4216	372	Unicorn-24454.exe	102
PID 372 wrote to memory of 4216	372	Unicorn-24454.exe	102
PID 4068 wrote to memory of 4552	4068	135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe	104
PID 4068 wrote to memory of 4552	4068	135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe	104
PID 4068 wrote to memory of 4552	4068	135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe	104
PID 4416 wrote to memory of 1624	4416	Unicorn-54928.exe	103
PID 4416 wrote to memory of 1624	4416	Unicorn-54928.exe	103
PID 4416 wrote to memory of 1624	4416	Unicorn-54928.exe	103
PID 4296 wrote to memory of 216	4296	Unicorn-6376.exe	105
PID 4296 wrote to memory of 216	4296	Unicorn-6376.exe	105
PID 4296 wrote to memory of 216	4296	Unicorn-6376.exe	105
PID 4868 wrote to memory of 4572	4868	Unicorn-10527.exe	106
PID 4868 wrote to memory of 4572	4868	Unicorn-10527.exe	106
PID 4868 wrote to memory of 4572	4868	Unicorn-10527.exe	106
PID 2780 wrote to memory of 3236	2780	Unicorn-24942.exe	107
PID 2780 wrote to memory of 3236	2780	Unicorn-24942.exe	107
PID 2780 wrote to memory of 3236	2780	Unicorn-24942.exe	107
PID 4644 wrote to memory of 5016	4644	Unicorn-10112.exe	108
PID 4644 wrote to memory of 5016	4644	Unicorn-10112.exe	108
PID 4644 wrote to memory of 5016	4644	Unicorn-10112.exe	108
PID 1632 wrote to memory of 448	1632	Unicorn-47601.exe	109
PID 1632 wrote to memory of 448	1632	Unicorn-47601.exe	109
PID 1632 wrote to memory of 448	1632	Unicorn-47601.exe	109
PID 5080 wrote to memory of 5112	5080	Unicorn-14056.exe	110
PID 5080 wrote to memory of 5112	5080	Unicorn-14056.exe	110
PID 5080 wrote to memory of 5112	5080	Unicorn-14056.exe	110
PID 4552 wrote to memory of 2812	4552	Unicorn-14663.exe	111
PID 4552 wrote to memory of 2812	4552	Unicorn-14663.exe	111
PID 4552 wrote to memory of 2812	4552	Unicorn-14663.exe	111
PID 4068 wrote to memory of 5020	4068	135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe	112
PID 4068 wrote to memory of 5020	4068	135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe	112
PID 4068 wrote to memory of 5020	4068	135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe	112
PID 4216 wrote to memory of 1964	4216	Unicorn-64129.exe	113
PID 4216 wrote to memory of 1964	4216	Unicorn-64129.exe	113
PID 4216 wrote to memory of 1964	4216	Unicorn-64129.exe	113
PID 1624 wrote to memory of 3568	1624	Unicorn-44264.exe	114

C:\Users\Admin\AppData\Local\Temp\135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\135580ad57fc1c425b3cdd65cea8c285919c4e8cff42471ba68b6e548a9f14b2_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10112.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10112.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1088.exe
    3⤵
    - Executes dropped EXE
    PID:4132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31657.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56073.exe
        8⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
        9⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        10⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
        11⤵
        
        PID:19264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        11⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        10⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28878.exe
        10⤵
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        10⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        9⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
        9⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        9⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
        9⤵
        
        PID:18768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14500.exe
        9⤵
        
        PID:16540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
        8⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34982.exe
        8⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23000.exe
        8⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
        8⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
        9⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
        9⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe
        9⤵
        
        PID:16712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54420.exe
        9⤵
        
        PID:19300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8175.exe
        8⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64015.exe
        8⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25320.exe
        8⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-758.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        8⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
        8⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
        8⤵
        
        PID:18164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36112.exe
        8⤵
        
        PID:18400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30970.exe
        8⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48440.exe
        7⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39119.exe
        7⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
        7⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
        7⤵
        
        PID:19312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39383.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
        8⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        9⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
        9⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        8⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
        8⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
        8⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
        8⤵
        
        PID:18380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44584.exe
        7⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        8⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        8⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        8⤵
        
        PID:16760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
        7⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        7⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        7⤵
        
        PID:17988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40623.exe
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16209.exe
        7⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        8⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35495.exe
        8⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        8⤵
        
        PID:15576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        7⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
        7⤵
        
        PID:18132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64376.exe
        6⤵
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15270.exe
        6⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        6⤵
        
        PID:13988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46785.exe
        6⤵
        
        PID:18172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22367.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
        7⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
        8⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        9⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        9⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
        9⤵
        
        PID:17184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        9⤵
        
        PID:18636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
        8⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56039.exe
        8⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19071.exe
        8⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
        8⤵
        
        PID:18932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55149.exe
        8⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
        7⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44697.exe
        8⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
        8⤵
        
        PID:17228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63284.exe
        8⤵
        
        PID:18608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59103.exe
        7⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe
        7⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
        7⤵
        
        PID:18020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        7⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2191.exe
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55321.exe
        7⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24865.exe
        8⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52289.exe
        9⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
        9⤵
        
        PID:16868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        9⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55308.exe
        9⤵
        
        PID:18624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
        8⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        8⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
        7⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        7⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe
        7⤵
        
        PID:17128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17128 -s 460
        8⤵
        Program crash
        
        PID:19012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        7⤵
        
        PID:19124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
        7⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        7⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36855.exe
        7⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42192.exe
        6⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        6⤵
        
        PID:12620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
        6⤵
        
        PID:16224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30291.exe
        6⤵
        
        PID:16412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4110.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58009.exe
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26735.exe
        7⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41255.exe
        7⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62616.exe
        7⤵
        
        PID:18456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10192.exe
        7⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41079.exe
        7⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19459.exe
        7⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46336.exe
        6⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        6⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37415.exe
        6⤵
        
        PID:18440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46488.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5160.exe
        6⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
        7⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20326.exe
        7⤵
        
        PID:16668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62972.exe
        7⤵
        
        PID:18684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7.exe
        6⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6838.exe
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25320.exe
        6⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        6⤵
        
        PID:19444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55711.exe
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
        6⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        5⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4584.exe
        5⤵
        
        PID:13996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25254.exe
        5⤵
        
        PID:18124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
        5⤵
        
        PID:508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44656.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50977.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51657.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54641.exe
        7⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6888.exe
        8⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53633.exe
        9⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41567.exe
        9⤵
        
        PID:17072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        9⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        9⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        8⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        8⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54920.exe
        8⤵
        
        PID:18148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        8⤵
        
        PID:19432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
        7⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
        7⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        7⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
        6⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        7⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32137.exe
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63496.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
        7⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22912.exe
        7⤵
        
        PID:14864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20856.exe
        7⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        6⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
        6⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        6⤵
        
        PID:14680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59764.exe
        6⤵
        
        PID:17112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
        6⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
        7⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42303.exe
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        7⤵
        
        PID:15548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2255.exe
        7⤵
        
        PID:17960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
        7⤵
        
        PID:17624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
        6⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32329.exe
        7⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29126.exe
        6⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
        6⤵
        
        PID:15740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49767.exe
        5⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32104.exe
        5⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        5⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
        5⤵
        
        PID:19328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20342.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33505.exe
        6⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        7⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        7⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
        7⤵
        
        PID:17692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11167.exe
        6⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47608.exe
        6⤵
        
        PID:14332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        6⤵
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26798.exe
        5⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10192.exe
        6⤵
        
        PID:12468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41079.exe
        6⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27646.exe
        6⤵
        
        PID:19324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        6⤵
        
        PID:17692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22215.exe
        5⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43343.exe
        5⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34047.exe
        5⤵
        
        PID:17040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        5⤵
        
        PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
      4⤵
      PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32929.exe
        6⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2615.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47608.exe
        6⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31895.exe
        5⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        6⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25318.exe
        6⤵
        
        PID:17720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
        5⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
        5⤵
        
        PID:14900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        5⤵
        
        PID:18532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
      4⤵
      PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        5⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        5⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        5⤵
        
        PID:16572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        5⤵
        
        PID:17328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21939.exe
        5⤵
        
        PID:14328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
      4⤵
      PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44169.exe
      4⤵
      PID:12576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
      4⤵
      PID:16132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
      4⤵
      PID:17000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24942.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15512.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1776.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
        7⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31201.exe
        8⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        8⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
        8⤵
        
        PID:14752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14752 -s 436
        9⤵
        Program crash
        
        PID:17820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38.exe
        8⤵
        
        PID:18364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
        8⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5471.exe
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        8⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        8⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        8⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59103.exe
        7⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe
        7⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
        7⤵
        
        PID:18012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25263.exe
        6⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
        7⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
        7⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61168.exe
        7⤵
        
        PID:16412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        7⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
        7⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1863.exe
        7⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46856.exe
        7⤵
        
        PID:19092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        6⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        6⤵
        
        PID:14144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        6⤵
        
        PID:17944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23033.exe
        7⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        8⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48760.exe
        8⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47135.exe
        8⤵
        
        PID:17220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
        8⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        7⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
        7⤵
        
        PID:17992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64795.exe
        7⤵
        
        PID:17152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        7⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36839.exe
        7⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62807.exe
        7⤵
        
        PID:17940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        7⤵
        
        PID:18900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23332.exe
        7⤵
        
        PID:17128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
        6⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        6⤵
        
        PID:14644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        6⤵
        
        PID:18488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47359.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
        6⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29126.exe
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
        6⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16190.exe
        6⤵
        
        PID:19300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40832.exe
        5⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
        6⤵
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
        6⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
        6⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
        6⤵
        
        PID:18920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28926.exe
        5⤵
        
        PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        5⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60537.exe
        5⤵
        
        PID:17472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12160.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44169.exe
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25337.exe
        7⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
        8⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        8⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        7⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        7⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        7⤵
        
        PID:17448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        6⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        7⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        7⤵
        
        PID:16852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47247.exe
        7⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56919.exe
        6⤵
        
        PID:15516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
        6⤵
        
        PID:18684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
        5⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15056.exe
        6⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62761.exe
        7⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19559.exe
        7⤵
        
        PID:17664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        6⤵
        
        PID:10236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
        6⤵
        
        PID:15000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15000 -s 468
        7⤵
        Program crash
        
        PID:17476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        6⤵
        
        PID:19268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27758.exe
        5⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4240.exe
        6⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        6⤵
        
        PID:17112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17112 -s 436
        7⤵
        Program crash
        
        PID:18976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        6⤵
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        5⤵
        
        PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        5⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10563.exe
        5⤵
        
        PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
      4⤵
      PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        6⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        6⤵
        
        PID:17580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        6⤵
        
        PID:17516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39871.exe
        5⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        6⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56615.exe
        5⤵
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
        5⤵
        
        PID:15244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55632.exe
      4⤵
      PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        5⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35495.exe
        5⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        5⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
        5⤵
        
        PID:18848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exe
        5⤵
        
        PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
      4⤵
      PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61224.exe
      4⤵
      PID:14052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
      4⤵
      PID:17952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5160.exe
        7⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
        8⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        8⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53383.exe
        8⤵
        
        PID:17172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
        8⤵
        
        PID:18500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16343.exe
        7⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        7⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        7⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        7⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
        6⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        6⤵
        
        PID:15660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
        6⤵
        
        PID:19124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43057.exe
        6⤵
        
        PID:16376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
        5⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10934.exe
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53815.exe
        6⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        6⤵
        
        PID:12812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
        6⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
        5⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        5⤵
        
        PID:9388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
        5⤵
        
        PID:15504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22663.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36577.exe
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31201.exe
        6⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
        7⤵
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        7⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63284.exe
        7⤵
        
        PID:8
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
        6⤵
        
        PID:15192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15192 -s 464
        7⤵
        Program crash
        
        PID:17784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        6⤵
        
        PID:19280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14023.exe
        5⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
        6⤵
        
        PID:13348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        6⤵
        
        PID:19068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
        5⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
        5⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        5⤵
        
        PID:17496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
      4⤵
      PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
        5⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41079.exe
        6⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        6⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
        6⤵
        
        PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
        5⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
        5⤵
        
        PID:15200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15200 -s 436
        6⤵
        Program crash
        
        PID:17864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        5⤵
        
        PID:19292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        5⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        5⤵
        
        PID:12300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48479.exe
        5⤵
        
        PID:16976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33808.exe
        5⤵
        
        PID:18480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        5⤵
        
        PID:19204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5574.exe
      4⤵
      PID:8616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
      4⤵
      PID:14468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60537.exe
      4⤵
      PID:17828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14998.exe
      4⤵
      PID:3596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
      4⤵
      PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50225.exe
        5⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61033.exe
        6⤵
        
        PID:13720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44064.exe
        6⤵
        
        PID:17440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        5⤵
        
        PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15406.exe
        5⤵
        
        PID:14312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-671.exe
      4⤵
      PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8632.exe
        5⤵
        
        PID:10096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57504.exe
        5⤵
        
        PID:13528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23014.exe
        5⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        5⤵
        
        PID:16964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
      4⤵
      PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
      4⤵
      PID:14888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
    3⤵
    PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
      4⤵
      PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        5⤵
        
        PID:12980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        5⤵
        
        PID:17192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        5⤵
        
        PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
      4⤵
      PID:9604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
      4⤵
      PID:15492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65192.exe
      4⤵
      PID:19364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43794.exe
      4⤵
      PID:19244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
    3⤵
    PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2472.exe
      4⤵
      PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
      4⤵
      PID:11556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
      4⤵
      PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
      4⤵
      PID:19416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
      4⤵
      PID:5516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12526.exe
    3⤵
    PID:7916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
    3⤵
    PID:12128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
    3⤵
    PID:16240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47601.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8984.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        8⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36721.exe
        9⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59056.exe
        9⤵
        
        PID:17036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19459.exe
        9⤵
        
        PID:18976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        8⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        8⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        8⤵
        
        PID:17972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64351.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        7⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47583.exe
        7⤵
        
        PID:14564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
        7⤵
        
        PID:17644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        6⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        8⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44416.exe
        8⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19054.exe
        8⤵
        
        PID:15004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
        8⤵
        
        PID:18672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62176.exe
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63889.exe
        8⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34919.exe
        8⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
        8⤵
        
        PID:17452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        8⤵
        
        PID:19176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        7⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30312.exe
        7⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5518.exe
        7⤵
        
        PID:19156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
        6⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        7⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        7⤵
        
        PID:19052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30846.exe
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32583.exe
        6⤵
        
        PID:15068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe
        6⤵
        
        PID:18628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5632.exe
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
        8⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        9⤵
        
        PID:18244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21247.exe
        8⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        8⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        8⤵
        
        PID:18008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15032.exe
        8⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
        7⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
        7⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        7⤵
        
        PID:17980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        7⤵
        
        PID:18808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
        6⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45855.exe
        6⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        6⤵
        
        PID:17464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        5⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
        6⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        6⤵
        
        PID:11448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        6⤵
        
        PID:15592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62264.exe
        5⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        6⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        6⤵
        
        PID:9720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
        6⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        5⤵
        
        PID:8476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        6⤵
        
        PID:19428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26527.exe
        5⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
        5⤵
        
        PID:16600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
        5⤵
        
        PID:9780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64641.exe
        8⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
        9⤵
        
        PID:19416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        9⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        8⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47608.exe
        8⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe
        8⤵
        
        PID:18904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16130.exe
        8⤵
        
        PID:17184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
        7⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
        7⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        7⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54423.exe
        7⤵
        
        PID:17912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        7⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53633.exe
        8⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
        8⤵
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        8⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17991.exe
        7⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
        7⤵
        
        PID:14616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60047.exe
        6⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        7⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        7⤵
        
        PID:19036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
        6⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
        6⤵
        
        PID:14624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
        6⤵
        
        PID:17432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        5⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31865.exe
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8232.exe
        7⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54313.exe
        8⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        8⤵
        
        PID:19320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27119.exe
        7⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        7⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        7⤵
        
        PID:17860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15175.exe
        6⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        7⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49720.exe
        7⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48287.exe
        7⤵
        
        PID:17200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        7⤵
        
        PID:18280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1935.exe
        6⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        6⤵
        
        PID:15892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        6⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27519.exe
        6⤵
        
        PID:14836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        6⤵
        
        PID:18188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        6⤵
        
        PID:18104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55072.exe
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
        5⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        5⤵
        
        PID:17340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43794.exe
        5⤵
        
        PID:17528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
        6⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
        7⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        8⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49720.exe
        8⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48287.exe
        8⤵
        
        PID:17060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36200.exe
        8⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60176.exe
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9350.exe
        7⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4479.exe
        7⤵
        
        PID:18924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18924 -s 468
        8⤵
        Program crash
        
        PID:18476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        6⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64159.exe
        7⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16350.exe
        6⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55096.exe
        6⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22699.exe
        6⤵
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
        5⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        5⤵
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
        5⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29143.exe
        5⤵
        
        PID:17376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
        5⤵
        
        PID:19252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19103.exe
      4⤵
      PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
        5⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        6⤵
        
        PID:18280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
        5⤵
        
        PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        5⤵
        
        PID:15724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17474.exe
        5⤵
        
        PID:14896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21310.exe
      4⤵
      PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61359.exe
        5⤵
        
        PID:17016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
        5⤵
        
        PID:19380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
      4⤵
      PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        5⤵
        
        PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60697.exe
      4⤵
      PID:12716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
      4⤵
      PID:16364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        6⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
        7⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15544.exe
        8⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
        8⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        8⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
        7⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
        7⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        7⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        6⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        7⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        7⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        7⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        7⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
        7⤵
        
        PID:17684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16927.exe
        6⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40095.exe
        6⤵
        
        PID:14192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        5⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24673.exe
        7⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
        7⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        7⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        7⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42720.exe
        6⤵
        
        PID:16992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        5⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        6⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57504.exe
        6⤵
        
        PID:13520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23014.exe
        6⤵
        
        PID:17068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        6⤵
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        5⤵
        
        PID:11088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe
        5⤵
        
        PID:14160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30553.exe
        5⤵
        
        PID:19016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 19016 -s 464
        6⤵
        Program crash
        
        PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30342.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20817.exe
        5⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9000.exe
        6⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
        6⤵
        
        PID:14388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        6⤵
        
        PID:17888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13063.exe
        5⤵
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
        5⤵
        
        PID:10296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38943.exe
        5⤵
        
        PID:14924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35544.exe
      4⤵
      PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        6⤵
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
        6⤵
        
        PID:17304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        6⤵
        
        PID:17428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        5⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        5⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        5⤵
        
        PID:17732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29723.exe
        5⤵
        
        PID:18732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16790.exe
      4⤵
      PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
        5⤵
        
        PID:13572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
        5⤵
        
        PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
        5⤵
        
        PID:17252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13735.exe
      4⤵
      PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39561.exe
      4⤵
      PID:14368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
      4⤵
      PID:17728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
        5⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16121.exe
        7⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
        7⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34622.exe
        7⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55984.exe
        7⤵
        
        PID:18960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        6⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34552.exe
        6⤵
        
        PID:17084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17084 -s 464
        7⤵
        Program crash
        
        PID:18948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
        6⤵
        
        PID:18396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2235.exe
        6⤵
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11335.exe
        5⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
        6⤵
        
        PID:10948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
        6⤵
        
        PID:15708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26238.exe
        5⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12902.exe
        5⤵
        
        PID:13856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23191.exe
        5⤵
        
        PID:17960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22123.exe
        5⤵
        
        PID:452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        5⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
        5⤵
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        5⤵
        
        PID:15876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42559.exe
      4⤵
      PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exe
        5⤵
        
        PID:18656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
      4⤵
      PID:10064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2902.exe
      4⤵
      PID:13508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3679.exe
      4⤵
      PID:17052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25258.exe
      4⤵
      PID:4488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56945.exe
        5⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
        6⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53944.exe
        7⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        7⤵
        
        PID:19044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21831.exe
        6⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15510.exe
        6⤵
        
        PID:15220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
        6⤵
        
        PID:19304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-863.exe
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        5⤵
        
        PID:11380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59056.exe
        5⤵
        
        PID:16888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10375.exe
      4⤵
      PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
        5⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
        5⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
        5⤵
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50912.exe
        5⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
        5⤵
        
        PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
      4⤵
      PID:9940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
      4⤵
      PID:12352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52503.exe
      4⤵
      PID:16936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8607.exe
      4⤵
      PID:18616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52623.exe
    3⤵
    PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
      4⤵
      PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27169.exe
        5⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
        5⤵
        
        PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        5⤵
        
        PID:17024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46712.exe
      4⤵
      PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
      4⤵
      PID:11984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19839.exe
      4⤵
      PID:15512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
      4⤵
      PID:2580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
    3⤵
    PID:6528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
    3⤵
    PID:8904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57910.exe
    3⤵
    PID:13868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61720.exe
    3⤵
    PID:17840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45025.exe
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9768.exe
        8⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6280.exe
        9⤵
        
        PID:19208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42303.exe
        8⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        8⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        7⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        8⤵
        
        PID:18856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        8⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43071.exe
        7⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        7⤵
        
        PID:15884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        7⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55864.exe
        7⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
        7⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44447.exe
        7⤵
        
        PID:19216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40091.exe
        7⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        6⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        6⤵
        
        PID:12780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
        6⤵
        
        PID:16608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        6⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
        6⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        6⤵
        
        PID:15556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        6⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        6⤵
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        6⤵
        
        PID:19324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        5⤵
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
        5⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46414.exe
        5⤵
        
        PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        5⤵
        
        PID:2228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 632
        6⤵
        Program crash
        
        PID:5840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 632
        6⤵
        Program crash
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
        5⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
        6⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29070.exe
        6⤵
        
        PID:17296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54619.exe
        6⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52000.exe
        5⤵
        
        PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19902.exe
        5⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        5⤵
        
        PID:16776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
      4⤵
      PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
        5⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        6⤵
        
        PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43151.exe
        5⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23000.exe
        5⤵
        
        PID:14340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
        5⤵
        
        PID:17716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
        5⤵
        
        PID:18396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
      4⤵
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        5⤵
        
        PID:13056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        5⤵
        
        PID:17248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
      4⤵
      PID:10384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40921.exe
      4⤵
      PID:15792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45025.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        6⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
        6⤵
        
        PID:12048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        6⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        6⤵
        
        PID:18856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
        6⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26519.exe
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        6⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
        7⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7327.exe
        6⤵
        
        PID:12064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53191.exe
        6⤵
        
        PID:16800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62751.exe
        5⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        5⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
        5⤵
        
        PID:16592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
        5⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
        6⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64592.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        6⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8532.exe
        6⤵
        
        PID:18020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16623.exe
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13766.exe
        5⤵
        
        PID:12608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        5⤵
        
        PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38083.exe
        5⤵
        
        PID:14068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8926.exe
      4⤵
      PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exe
        5⤵
        
        PID:9960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        5⤵
        
        PID:12184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        5⤵
        
        PID:19004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32296.exe
      4⤵
      PID:9484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12414.exe
      4⤵
      PID:14216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29527.exe
      4⤵
      PID:17924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
      4⤵
      PID:3656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54359.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        6⤵
        
        PID:15732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30107.exe
        6⤵
        
        PID:18844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        5⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
        5⤵
        
        PID:12024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50696.exe
        5⤵
        
        PID:16816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
      4⤵
      PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        5⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        5⤵
        
        PID:19060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
      4⤵
      PID:11940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
      4⤵
      PID:15900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33618.exe
      4⤵
      PID:15364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61288.exe
    3⤵
    PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
      4⤵
      PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        5⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        5⤵
        
        PID:15772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
      4⤵
      PID:9012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
      4⤵
      PID:12996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
      4⤵
      PID:16580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20280.exe
      4⤵
      PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
      4⤵
      PID:5344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
    3⤵
    PID:7140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7095.exe
    3⤵
    PID:9500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
    3⤵
    PID:14224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
    3⤵
    PID:17964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
    3⤵
    PID:18580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14663.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14663.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50489.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11096.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21969.exe
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33889.exe
        7⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
        7⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
        7⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
        7⤵
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
        6⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28537.exe
        7⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58760.exe
        7⤵
        
        PID:16088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4487.exe
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
        7⤵
        
        PID:18904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7414.exe
        6⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        6⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        6⤵
        
        PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49265.exe
        6⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
        7⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
        7⤵
        
        PID:15684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        6⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50575.exe
        6⤵
        
        PID:14656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        6⤵
        
        PID:17908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
        5⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15775.exe
        5⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55175.exe
        5⤵
        
        PID:14908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53752.exe
        5⤵
        
        PID:18468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7479.exe
      4⤵
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18542.exe
        5⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53944.exe
        6⤵
        
        PID:13596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        6⤵
        
        PID:19028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
        5⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        5⤵
        
        PID:15716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64951.exe
      4⤵
      PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        5⤵
        
        PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
        5⤵
        
        PID:15604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
      4⤵
      PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10494.exe
      4⤵
      PID:13124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
      4⤵
      PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25642.exe
      4⤵
      PID:18664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
        6⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
        7⤵
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22927.exe
        7⤵
        
        PID:16780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
        7⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29126.exe
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
        6⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
        5⤵
        
        PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48168.exe
        5⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        5⤵
        
        PID:15952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18103.exe
        5⤵
        
        PID:17756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
        5⤵
        
        PID:18944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4023.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        5⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
        5⤵
        
        PID:10920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57975.exe
        5⤵
        
        PID:14916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
        5⤵
        
        PID:18492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
      4⤵
      PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        5⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49072.exe
        5⤵
        
        PID:18412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
        5⤵
        
        PID:18644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
      4⤵
      PID:10784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
      4⤵
      PID:15484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
    3⤵
    - Executes dropped EXE
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
      4⤵
      PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
        5⤵
        
        PID:13092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        5⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22550.exe
        5⤵
        
        PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
      4⤵
      PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54520.exe
      4⤵
      PID:13752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
      4⤵
      PID:17488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
    3⤵
    PID:6644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
      4⤵
      PID:9004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
      4⤵
      PID:11144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53191.exe
      4⤵
      PID:16876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
      4⤵
      PID:18640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
      4⤵
      PID:3348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
    3⤵
    PID:8412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
    3⤵
    PID:12828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
    3⤵
    PID:16560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
      4⤵
      PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30625.exe
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8528.exe
        6⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62097.exe
        7⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62920.exe
        7⤵
        
        PID:18400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        6⤵
        
        PID:11252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        6⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58808.exe
        5⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
        5⤵
        
        PID:12256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25320.exe
        5⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        5⤵
        
        PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3167.exe
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4240.exe
        5⤵
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        5⤵
        
        PID:19076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26238.exe
      4⤵
      PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
      4⤵
      PID:14076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
      4⤵
      PID:18000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33519.exe
    3⤵
    PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
      4⤵
      PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
        5⤵
        
        PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        5⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        5⤵
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
        5⤵
        
        PID:19024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46789.exe
        5⤵
        
        PID:18512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28543.exe
      4⤵
      PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57025.exe
        5⤵
        
        PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29126.exe
      4⤵
      PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49056.exe
      4⤵
      PID:15652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
    3⤵
    PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
      4⤵
      PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
      4⤵
      PID:9408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
      4⤵
      PID:16940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27456.exe
      4⤵
      PID:18592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
      4⤵
      PID:4324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
    3⤵
    PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
      4⤵
      PID:19356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12206.exe
    3⤵
    PID:10616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
    3⤵
    PID:16368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7302.exe
    3⤵
    PID:3648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10795.exe
    3⤵
    PID:18896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59720.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59720.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
    3⤵
    PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
      4⤵
      PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
        5⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
        6⤵
        
        PID:14868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        6⤵
        
        PID:18448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        6⤵
        
        PID:17204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
        5⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        5⤵
        
        PID:15668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1247.exe
      4⤵
      PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
      4⤵
      PID:11508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
      4⤵
      PID:17140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
    3⤵
    PID:8384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
      4⤵
      PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
      4⤵
      PID:13220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
      4⤵
      PID:16424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
      4⤵
      PID:17480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
    3⤵
    PID:10952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15870.exe
    3⤵
    PID:14948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
    3⤵
    PID:18692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12120.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12120.exe
  2⤵
  PID:5184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
    3⤵
    PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59353.exe
      4⤵
      PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
      4⤵
      PID:11000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
      4⤵
      PID:15048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54640.exe
      4⤵
      PID:18832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
    3⤵
    PID:7988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11271.exe
    3⤵
    PID:12596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60567.exe
    3⤵
    PID:8880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16646.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16646.exe
  2⤵
  PID:6716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45425.exe
    3⤵
    PID:9180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40767.exe
    3⤵
    PID:11460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
    3⤵
    PID:16960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
  2⤵
  PID:8144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61664.exe
  2⤵
  PID:12176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31744.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31744.exe
  2⤵
  PID:16252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57312.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57312.exe
  2⤵
  PID:3260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10739.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10739.exe
  2⤵
  PID:16436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2228 -ip 2228
1⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2228 -ip 2228
1⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 15000 -ip 15000
1⤵
PID:4072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 15192 -ip 15192
1⤵
PID:17416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 14752 -ip 14752
1⤵
PID:17424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 15200 -ip 15200
1⤵
PID:17576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 17128 -ip 17128
1⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 19016 -ip 19016
1⤵
PID:4300

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:2924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10112.exe

Filesize
184KB

MD5
d5f4862b4743d7183d29556492818692

SHA1
ed9d6413785720da3af767fc6f8ea95fb841ddc9

SHA256
800357a34e6d1eae3c3c6b5e440d6de0fe38b9b843461a67f62e97e6ff2b4bde

SHA512
2f30a06be9d5b4b57827fbe984c979ab340ea18ae047388f098e9f57606cc23758fdaa8c95b693e7d993bbd0708aa02b1b6ed54a42bc2e9589682c6dd9a9318b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe

Filesize
184KB

MD5
2deebb7b5cd634778429df922e9a68f4

SHA1
b5662d336424a62b0c5a05380cbdb981f443ee21

SHA256
31568386565cb74d9f2c4f0e8a97db9c489b38253faa2393cb5b3f0236d166a0

SHA512
1ef05dc3662b0f5e391bc9cfdfc9d60e83ff89e5784b159e015e723a40017d2decbdbf7c73a6fbb4ecad89c28afb1d539ed09a78933114303cad457f7cf06dd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1088.exe

Filesize
184KB

MD5
748062d01f22d01f6aada55ad1d37242

SHA1
0c900400dea423faced35fc2c737172df8a9496a

SHA256
21338b0e57d1b2a64ac889d7143d2a99007a72828015b58c00bc9e042e338f3f

SHA512
28fd428ec08986f132790df8532f943f373e9506b45f27ad1109e8d2c8a1c01383f359fd0ecf3df197f33c6b484be1e4514dd64ff734d17ab05a4c21b1fc49af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe

Filesize
184KB

MD5
b18beb38455d6b397025661641a34e2e

SHA1
aed7fc96dbc7946aa436b4217ee586c56c2a7757

SHA256
62c95d5e84b7dae2fb6eba04f9f7127512e56fe773c7be2ca1406fc09257aba1

SHA512
380b3a468b87e47e9c70165ca21615d1bc08b34a2182e55062c58776f3cae54641ccc84125e78bbeddd866fd681dee220772bba36ce8494abad0c63592847d4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14663.exe

Filesize
184KB

MD5
9e58ca56b6f9a0e48333c039a47a3393

SHA1
5fcfb7c019ad7e859453f7a16852edbc77b013a9

SHA256
e7f3f1d6fa44b88495d2df67eac04da50e810fdb44d31334bd7d4802a5f8988c

SHA512
fb033ab53f5041376db7c5b66485b6cd02075c7edab30fb9c0de01f3135cb4945a8de81f6202fdad02de088f6507dff909ea79ecf23c7619e9be05160126a6db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15512.exe

Filesize
184KB

MD5
b6bae286649e0454497d63d13139e7f8

SHA1
121bb4f84334e0c305f6b24dede9a35b374017e0

SHA256
ad6105c316d2a3ce662b245a14fea44692a94e56efe3f0aaaab743131cbc3a9b

SHA512
a9c300d9a3fe83131798a6ddc29abf6b8c4952dadd915da1117c430ee1be8c91030b7eae5d96888c5a9c23488373dbb4a8b636cd28684ffef567473c6a3882b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe

Filesize
184KB

MD5
b4cf642e8731cff8673af633c8c5ac5d

SHA1
a49b6c9d800920cbf7d90a949e9cd792ee19b9d4

SHA256
1076231f06f46746c63abe842d25125229e72f42ca355c30334ff61c912efdc6

SHA512
c87ba5456cb130e3431d1e3b7231d669da5c18fcf74285e380adfb38fb4da73d0c3a8b54a3498b3ab129066f40d3890414bafc2b413377ce107ffea918049c45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1776.exe

Filesize
184KB

MD5
e6dc9e86aa028bfdc38a366528d4f212

SHA1
d2dae66c43cce64f89afa64524a49d0dd44b3a4e

SHA256
bf9c3c4e627b181bf2a99ff251d1c2dc36bc22d229db3138f6cf50c6f00c98f8

SHA512
3dcd4f131a571fe2c3372e4c02d2d804b9322f4d8ff0851c20ecb8f869380e5a6020e592e9cec670b3ea90db46afbecfdae3d25ffbce935a2c33e8189438652f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20342.exe

Filesize
184KB

MD5
081db6673903722f784d97e4f165e16f

SHA1
fa1f89f2566a3ff96ebb0efe0650e6cd95954233

SHA256
0ce122d86b50b90e1b59f38fda4752fde8c40d4e385c23ed53ab8eb5b75d5fa2

SHA512
94d189ea5718108824751af4f95b1f092f16b4e90b2a414aea32f5771761a97312226dc9fd98ba4fb6837de23bb12ff80b8f321cfafabfee198e72d7691dac6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21247.exe

Filesize
184KB

MD5
1d3ca1ee82de748ac777eab545abe1dc

SHA1
252619e03f83e9316174bb3ecc587daac7037cfd

SHA256
8c4fd5ccc4cbbb2e1c047166e8c22b143b469411a68f2043b4da965737f2b6b0

SHA512
8a540f1968a635517c0d5a1945602653e3bb7e061024fc295f9eea88b0b923f9765abd8b0347bc48e73f3da93883c89a92901cf859a4962de3bf1eddde95196b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe

Filesize
184KB

MD5
710868082f678957beb85cab95c3908c

SHA1
82499ba7eeb6043eb737ff693439a2a997b8ca39

SHA256
5558ba6e6232bd59601aba1258b3f0c569a4d9e3eea35116eb621383c8dfb34c

SHA512
dbf752f47fca402af88c277a20239da37b1379f355d665643e85ad086f6b762fe769836de004bbdc3f5546d9f68254a79ee43b289eec8df10bb8d2bc0f33b942

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe

Filesize
184KB

MD5
82b7fb171a79f9970116519618e9b44b

SHA1
f5a8d999237143fb6d588d1f70be0a84aa5e1cd3

SHA256
02994229c6e235c15a6e14efe86f1717e5e96b67db36c7fe29cc7e7f6bb73a84

SHA512
d9ae455c7924d0ecd1ab4c3b073617ce4101690895a9894a5e55f8aa817b30b3b5fbff41d1c9a0bd86dd0e3a30a616345d87bd001c218c24ef9258db694b30b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22367.exe

Filesize
184KB

MD5
36d505c5e45d4b2162d981d990428afd

SHA1
d65c81ef3e4eebcb44f5891bfeadc402a8ba1e78

SHA256
3d5c36d922dda491dd3771f4d71b25c78c6259c80c87cd17597fdc598d42b678

SHA512
a9640f75fa178f2ea302e901acd13f957f7af7689cdfff959c1a5d663a77466150db4c433b6cf80cf644b9990d871dce34781a65f8ce8ad1cf0aa98631d92c4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe

Filesize
184KB

MD5
396711aa628ffee518385b07d41ec7fe

SHA1
ffa65782d41fd78238f219f1546672b09397e8bd

SHA256
6de7a9ead0d7da30e4daa14338e8a43cd19a692b3a31e0d4f60046877027ad43

SHA512
ba783a18a2b8baff522eb5dddf68a9471a7de0e5218ff75c60348df27ca2c13deedfc363b3a1997df65f87c0c17177cf54e7d409ca4ebae29bf7ea67b5aef67f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe

Filesize
184KB

MD5
ccb91a817ae5871358ebbc4ef1c8b9d6

SHA1
08b3ddb1e7a9e5f70a86a65d4c666c6b07bcb957

SHA256
7e145d78883dca733a386e4e79f7e85dc3bd5432f5534e06969ec39396bde177

SHA512
e75c5b9e49fd226ad28197a615b40c81b45e854713feaddc7c2057926898645d3e90e360296bf6bce7018531b9bcaef6773e6c5e41cb2972f9b6d4bca8bc299b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe

Filesize
184KB

MD5
4152b7d7be6caefa01168297f98684f8

SHA1
59001f828769f2d5ce6d4c966a168d2ba14c9b1a

SHA256
df6914669e987eb0b6f91e45eade997da0770957ca64973c9a91a7d07791e5ea

SHA512
f030248a039b4e35b4cb836adabffb17024b773f920f3a34e44feec11aa9cef6a517daaabbf1bd17528ab402029c37ed1c63a86009b81d11188ddbda4f7655a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24942.exe

Filesize
184KB

MD5
a313f15fa71b7177242c92e8f7cc6dcf

SHA1
ad9c9f3dcffccd97ac851017899d302ee9ceb6f4

SHA256
30cbcc70d719d102e06d0322dda78ef5447d194b8ab4efafe9250c4e5d9660a0

SHA512
612ea56b5327cddfd0035bcccced0400e43e1c9bf73f57fd988b649a97d3803db602e8623ada97779faef893cff6f651680339c359a256d4553d8cdbabfcac77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe

Filesize
184KB

MD5
bf9a9497558465248577f969e34382c4

SHA1
9017de1f70a0ff559076bfab1e2c55418e6f8a4c

SHA256
a1c0d7d24f35349c9be3711a4ba6d71110eb4508e008880997cbdd0450324c33

SHA512
63a277192fc010bc20eeea80f312e70e2c23c22a14ef3121f84900fcdc022b2632a175bd99078018583638662501168f59585d836ad607def4a76274a1912be2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe

Filesize
184KB

MD5
3901daef7bdb4d0fc762f1c3f2f48ef9

SHA1
5ab0e39e5dcfc6b7483b06ff192e4d4ab7af0e8e

SHA256
94db85679a8169910c82cdd78aea84dcb14d51bb975d4de87eb0be27e5030752

SHA512
04c4b54ebcb4722f8a7d23c10dae801243561b53106fd77861d1c8293572b296a10404a270c7aa62a3a4d0465eb5d9374489b9aabdb45e540305712775759a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe

Filesize
184KB

MD5
5d7b0790b1103adcc5bb92b34fd4de18

SHA1
819fffcf6cdf25376a27df1154a0e72b429e4668

SHA256
92cf93e31cd509483580eaf2b5b23533ba6ecd600dedd2a81052e916712b7e5f

SHA512
8bcc6705711ea01a20aab5a7975ebe49feae1eeb12693ea7b79d600eadd28b80341ba643b19f7e2cd0873f1bee2da196c4401c78c7fbe72d1473ea7a1340c2b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29130.exe

Filesize
184KB

MD5
8579aad4854f2cd189d39710b8e743de

SHA1
57cd16a2fbe22d4df2de4870b8bfd4d2d2d4c547

SHA256
82abdd0e273d72807d6aa31024403326188ee1b05ee33365706f23288cdad1da

SHA512
528bc1f33e248febc58a015a5cb0d5a1e36abe6f9803346e12114e9f98e6c3def4f09ff92463f6caef2ea1a06ea6fa7fd774e76ebaee844633cfc870dbe3ad8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31584.exe

Filesize
184KB

MD5
75a36ca4b2dc25ddbb2d1d35ed6b81ae

SHA1
cab3b427b2cbff8cbdaef521224285d89a4374dc

SHA256
b7c89c9c35047b1e955b131334d4989deffa1786d3a9f5a9a6c9bdb3c6c3cd18

SHA512
d8ad96ba3ed0e8263618f4d9c90b083c79f7eed1c32c118476cc4d4c66f636c514029c743ae5b3df283157df5cf28b451e67e39e1c7f9b00d0cafe36864b6eab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31657.exe

Filesize
184KB

MD5
9c478dcab9b12a4ff878754820d39cb6

SHA1
daf3f890f8d324e1e2a49103ab65fd2ff5d82875

SHA256
d9ad36c35cfb19766193f7d837f27aba9ad15b9b13b4ecb2f279957e73aafadb

SHA512
ffb99c636c0e6f8dfce12cd77ba1abd4e7bd05d24120e2bffd9543bfa0cc9bb04060b9b0887d96452b480a3854d2269603952b865ffeca5836e043b96dbad278

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33878.exe

Filesize
184KB

MD5
b006165a053efdbcf12cc6da4380041d

SHA1
7ce34559faffd0e438c251bc6e49ad3a16e87d3c

SHA256
c369ab8c7958db5e4c1e954b696773dc7c91ffc6992f2d2b6884e1851addf494

SHA512
88ac395d8d5a8f87e62bd77b2984f2d6edde2b8264d9a3ea8427e01b3e77da095c9f030fd5a9811a0c05ffcc3c66aa8d43567d7c3f1d77b17f7d9fed61155c54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe

Filesize
184KB

MD5
896c5bc7443d2cd3a1ec9911d0e9ef88

SHA1
8dff5b99a5eed52834e4dd6ab3d0e9be78d4909c

SHA256
18cb90658257b841b15153b75bbad99985b0fac6ef39f901a7922e5d24c5be42

SHA512
4e39c37c9dfe233b26f861781fc30954faeb6c51546744a355dd93cc4afad6bfd441fbbeee8800249af3296dbcd0adb65bd612704c308a26853a815ddc7169ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe

Filesize
184KB

MD5
139bbf9fea9ec1a393d5ba95ffa12bf7

SHA1
1ac91f598687ead67fb0355540343fc32156a066

SHA256
734bcfe5996bae20d66beedc890a6df6578a3abe3b16e5037c1d2c03ab2c1781

SHA512
2274bd64d08e516e6189df3d265ac60a94e92a17a72b0f6e3233bdf351f4d2f7f9fe515641be89769a5c38f475231c400b0cf90698196380a274a07ff9c1a4e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe

Filesize
184KB

MD5
b68d028adfbf8f78df9ff0077ae88cf6

SHA1
1b86f24957975848f576c5445afcdbaf76b43197

SHA256
8e921feeecfa71f54e22eb1de914780c43f08d8a86b27c40b5c3f10e70cf0cc4

SHA512
f81fd53a48d0b1c71452cbcf400303a1fde8b07f324750513ba3ae13533fd4d032f00e33493d21f25a32ff8c7f0ab9b69e6638b25c20461e445fe63667b1c6c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44656.exe

Filesize
184KB

MD5
99d84e1cf08aa28f747dce1ae648a548

SHA1
655f9f266ef26e222f610d912f44a37abe44524d

SHA256
9bd812f25c7b3fcb4ca57fdde43b74ff6feb1e027cb43a28558ae88dd12d8da8

SHA512
2e2f53a338edfb13cf4e7c1a03973fe6342cb494dc112826752ccacb8b7fe8cb734210efc6861c66345528be2dcf21c425bc810ff2103b5251d0631ba68e89cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47601.exe

Filesize
184KB

MD5
77baca57919bdc4c11cde58af0e07637

SHA1
5fb44410f075776aa5feb5e1d0fbff2dfa8927a1

SHA256
29773cfdef10527ab7bad149e3a333d62506c97b5a6e09bb6e040403b652e9fa

SHA512
7169ced11f34cd5b5e8d7eb4d4f9dbd5ca9b2c01f542b8448d9faf1c3c60cc64e6595ff068447e1c64c751d073028cca7506e663265ca49c2f26870044e50d4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50489.exe

Filesize
184KB

MD5
98666d9c77b1c0ed7d9421956913396f

SHA1
8d41b4d4546dcae824b146bd0f5a8d61193fb42d

SHA256
3e703e6524c9d2ee08a611a6bae1d7e8e785fde2a3c2b910866d3582c722359e

SHA512
ff4599e7b3d489c9d2b4d0e2c1184b8c6b04d3fef2ac92c02c77cc6756da44e9bec982da859493067527a0087b66d4013b263ae58588a7a14c4aa1d59def3c7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50977.exe

Filesize
184KB

MD5
ed5dadddcc5a367b4b273cee3b5a5762

SHA1
07052c025bfa6bba3a67a03eca04953639a1d1e3

SHA256
a7010feeafb34d07af4754081da67dd09294e33a860d62e4f65b7c9d8a501900

SHA512
a26bc65273bdbbd197302737b7f2655cabca58e1fdde3bcf4fc11137aa7d4b5059c1edc112f5336f9f4cead0c10a84bc9dda7ab6056af95139a14b4a3319ba62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe

Filesize
184KB

MD5
12b04795104b22341726665e4d244e30

SHA1
29a024ac09e88a28f4ee571a873ac41e977ecd9c

SHA256
24d721ca15c561c7586433bf59bafce5061dfed0334e5e2ce5d0c38660d39b4c

SHA512
1ec8f2cc85928d8155aba908fe2b43418ff40e1edec1bfcbd35577bdf51c16b071427793149d6441e7c2b7479af399f1025e5e459f83f0db5d07f7366f930261

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe

Filesize
184KB

MD5
11429412536c527c6d762dc251dfa4c1

SHA1
f745faac7596f099e84177f69636663f301f57ae

SHA256
517103704255b7dad3f0694c28f0a7bb0290c6db0b401ea98d05acf56c39b37b

SHA512
350a9b4a170e49c88f921fb242102e4d1dd3dc4ed924adadb39df53d05731e73339b29c3b912fd488fce39ecc6528d0e295d2799fa6de45cc8d2cd16e6a3286e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe

Filesize
184KB

MD5
4666eddd6bd11fc11576076b98f7005d

SHA1
93a05fc2b90315a53c22817cd1bd6bb75653cc7f

SHA256
05822ef6de6300199075557c72c48a6a58d4943c6fe739ecd51baffa45a0e00b

SHA512
a309d50b7fbd9f29cae8c6b904a14d9a2cacc5c28962e95c11afee26bf8867aa4a72700b7c8a94508900f2c47ba9d3817c4bd5aec953ffdfeb943e96aff2e27f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe

Filesize
184KB

MD5
3e3c03eb46f38ee4bac4d439a12de978

SHA1
6c4ffbd1888f73ab1b5c40f867cae6e0beaa14ce

SHA256
7f6b354e684af619d3a1e8e6292d957daba1457bd39bb35f4896e9e422cd0b80

SHA512
d2b884f1576e121505c6ae5b97495b0a5a5d9375735ff2fd1e1f04c2a0fc560d78e103ff4104dd25ecba168421614cf9c3c0a3f8fd800f30c5d470df5e891900

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe

Filesize
184KB

MD5
d1a2eda1af1fd366f0b05837fdb268ed

SHA1
b451acaa418d4bbb79330b3a798cc3cacc7c9633

SHA256
6e269c38514f2e14a026ba7de9848f992e66b522a39c29958374c50c934c998d

SHA512
e7933cbae013a81ceaa5abd6e5d66a0147faf7a0bb66adad357213cf2ffa723b869d746e2be173db732877eabb3d66cd46812dc2387e17d1ec6146edf284c671

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe

Filesize
184KB

MD5
f5892b8fed586b85fb456152a4c8e2ae

SHA1
68d6d3613882436bf54bcf2b12998a3cb667f6f1

SHA256
a29fe81730cf1d3ae5f065711eb9c4aab8613e7dc7426cae173e9a4d10144c28

SHA512
cf9bfeb388ec846eb8ce74e37fcd748a35c9784e5b261ed2a4c9cbdb8d2456ccb33c50ff54a6bd9bbf1fef8cc4e1fd9e2da4802b58a7a046fbef538b070f444d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe

Filesize
184KB

MD5
462378cba752d0746e71266ec605aa5d

SHA1
8f10f5536ddeb3778dc302e8f34b9acaf10fde31

SHA256
0eade2c6daafcd762912ad197959bc7d8338696bb363f44cd39d329a8fc7cab1

SHA512
556301a46280c053fcdeda75b3bc961a3419f6e03bd5b6238d0c3ed3eb91d1ed0ecd8baa50cbf6fe224634f5be16fe9071a86483aaf415d26bec0384cfb87b93

Download Submit
memory/3568-4674-0x00000000759B0000-0x00000000759C6000-memory.dmp

Filesize
88KB

Download
memory/8764-4354-0x0000000075C50000-0x0000000075CEF000-memory.dmp

Filesize
636KB

Download
memory/15264-4140-0x0000000077D90000-0x0000000077DB4000-memory.dmp

Filesize
144KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads