1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 07:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607_NeikiAnalytics.exe
Size

184KB
MD5

bed5a6a7334f2bd4da9e57292684af90
SHA1

148e38a4ea635f7429a6033b90c23fa1095afe87
SHA256

1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607
SHA512

d595ba15fa80cdad7463dee4af59bce783d6d1a42a8f19b0eeffa2e8a1e3c117caf3a65ba851c558440d930c0d0caed5f396d87396bc61b0d94201cc1ceff0a0
SSDEEP

3072:7R0aZCo0yYvNdEntZ7F8t5Xjlvnqnveud:7R+o4bEnR8bXjlPqnveu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
664	Unicorn-58759.exe
3340	Unicorn-33399.exe
1600	Unicorn-62734.exe
1292	Unicorn-50607.exe
3016	Unicorn-42439.exe
1472	Unicorn-22573.exe
3040	Unicorn-19972.exe
1624	Unicorn-39598.exe
2964	Unicorn-36260.exe
548	Unicorn-23838.exe
1152	Unicorn-42404.exe
2140	Unicorn-36836.exe
1756	Unicorn-56437.exe
2792	Unicorn-44590.exe
3712	Unicorn-49421.exe
3620	Unicorn-61118.exe
5076	Unicorn-30483.exe
3836	Unicorn-8580.exe
4700	Unicorn-11341.exe
4320	Unicorn-5420.exe
4556	Unicorn-8949.exe
4104	Unicorn-57388.exe
1980	Unicorn-58342.exe
1436	Unicorn-58342.exe
2800	Unicorn-44044.exe
3004	Unicorn-33573.exe
1704	Unicorn-14635.exe
4504	Unicorn-61030.exe
4908	Unicorn-10028.exe
3136	Unicorn-62950.exe
3840	Unicorn-62950.exe
3880	Unicorn-62950.exe
3272	Unicorn-62950.exe
2980	Unicorn-42316.exe
4064	Unicorn-15403.exe
3752	Unicorn-21268.exe
4256	Unicorn-48268.exe
2068	Unicorn-3189.exe
3648	Unicorn-16188.exe
5100	Unicorn-36246.exe
4360	Unicorn-12435.exe
2520	Unicorn-26734.exe
4560	Unicorn-18566.exe
3192	Unicorn-23396.exe
2336	Unicorn-43262.exe
928	Unicorn-31756.exe
3884	Unicorn-26156.exe
2576	Unicorn-27118.exe
2120	Unicorn-34715.exe
1040	Unicorn-53542.exe
5052	Unicorn-61710.exe
4288	Unicorn-9172.exe
1876	Unicorn-28773.exe
1208	Unicorn-36438.exe
1400	Unicorn-44341.exe
4512	Unicorn-47102.exe
4216	Unicorn-19260.exe
2196	Unicorn-8491.exe
4540	Unicorn-14429.exe
2684	Unicorn-5685.exe
772	Unicorn-3884.exe
3580	Unicorn-7413.exe
4460	Unicorn-44917.exe
2440	Unicorn-12244.exe

Program crash 18 IoCs

pid	pid_target	Process	procid_target
5868	5500	WerFault.exe	192
8980	6760	WerFault.exe	261
17276	14440	WerFault.exe	707
17284	14976	WerFault.exe	716
1484	15016	WerFault.exe	719
16832	15004	WerFault.exe	718
1304	13800	WerFault.exe	737
17188	15072	WerFault.exe	722
4776	15300	WerFault.exe	726
2976	17376	WerFault.exe	853
2076	15484	WerFault.exe	759
16644	740	Process not Found	1020
8492	6656	Process not Found	1057
8968	15452	Process not Found	1046
11408	16296	Process not Found	1007
11584	2548	Process not Found	1091
7872	6988	Process not Found	1058
14264	14940	Process not Found	1158

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1180	Process not Found
Token: SeChangeNotifyPrivilege	1180	Process not Found
Token: 33	1180	Process not Found
Token: SeIncBasePriorityPrivilege	1180	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2340	1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607_NeikiAnalytics.exe
664	Unicorn-58759.exe
3340	Unicorn-33399.exe
1600	Unicorn-62734.exe
1292	Unicorn-50607.exe
3016	Unicorn-42439.exe
3040	Unicorn-19972.exe
1472	Unicorn-22573.exe
1624	Unicorn-39598.exe
2964	Unicorn-36260.exe
548	Unicorn-23838.exe
1756	Unicorn-56437.exe
2140	Unicorn-36836.exe
1152	Unicorn-42404.exe
2792	Unicorn-44590.exe
3712	Unicorn-49421.exe
5076	Unicorn-30483.exe
3836	Unicorn-8580.exe
3620	Unicorn-61118.exe
4320	Unicorn-5420.exe
4556	Unicorn-8949.exe
4700	Unicorn-11341.exe
1980	Unicorn-58342.exe
4104	Unicorn-57388.exe
3004	Unicorn-33573.exe
2800	Unicorn-44044.exe
1436	Unicorn-58342.exe
1704	Unicorn-14635.exe
4504	Unicorn-61030.exe
4908	Unicorn-10028.exe
3136	Unicorn-62950.exe
3880	Unicorn-62950.exe
3272	Unicorn-62950.exe
3840	Unicorn-62950.exe
2980	Unicorn-42316.exe
4064	Unicorn-15403.exe
3752	Unicorn-21268.exe
4256	Unicorn-48268.exe
2068	Unicorn-3189.exe
3648	Unicorn-16188.exe
5100	Unicorn-36246.exe
4360	Unicorn-12435.exe
2520	Unicorn-26734.exe
4560	Unicorn-18566.exe
2336	Unicorn-43262.exe
928	Unicorn-31756.exe
3884	Unicorn-26156.exe
3192	Unicorn-23396.exe
2120	Unicorn-34715.exe
2576	Unicorn-27118.exe
1040	Unicorn-53542.exe
1876	Unicorn-28773.exe
4288	Unicorn-9172.exe
5052	Unicorn-61710.exe
1208	Unicorn-36438.exe
1400	Unicorn-44341.exe
4512	Unicorn-47102.exe
2196	Unicorn-8491.exe
4216	Unicorn-19260.exe
4540	Unicorn-14429.exe
772	Unicorn-3884.exe
2684	Unicorn-5685.exe
2440	Unicorn-12244.exe
4460	Unicorn-44917.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 664	2340	1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607_NeikiAnalytics.exe	86
PID 2340 wrote to memory of 664	2340	1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607_NeikiAnalytics.exe	86
PID 2340 wrote to memory of 664	2340	1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607_NeikiAnalytics.exe	86
PID 664 wrote to memory of 3340	664	Unicorn-58759.exe	87
PID 664 wrote to memory of 3340	664	Unicorn-58759.exe	87
PID 664 wrote to memory of 3340	664	Unicorn-58759.exe	87
PID 2340 wrote to memory of 1600	2340	1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607_NeikiAnalytics.exe	88
PID 2340 wrote to memory of 1600	2340	1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607_NeikiAnalytics.exe	88
PID 2340 wrote to memory of 1600	2340	1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607_NeikiAnalytics.exe	88
PID 3340 wrote to memory of 1292	3340	Unicorn-33399.exe	89
PID 3340 wrote to memory of 1292	3340	Unicorn-33399.exe	89
PID 3340 wrote to memory of 1292	3340	Unicorn-33399.exe	89
PID 1600 wrote to memory of 3016	1600	Unicorn-62734.exe	90
PID 1600 wrote to memory of 3016	1600	Unicorn-62734.exe	90
PID 1600 wrote to memory of 3016	1600	Unicorn-62734.exe	90
PID 664 wrote to memory of 1472	664	Unicorn-58759.exe	91
PID 664 wrote to memory of 1472	664	Unicorn-58759.exe	91
PID 664 wrote to memory of 1472	664	Unicorn-58759.exe	91
PID 2340 wrote to memory of 3040	2340	1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607_NeikiAnalytics.exe	92
PID 2340 wrote to memory of 3040	2340	1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607_NeikiAnalytics.exe	92
PID 2340 wrote to memory of 3040	2340	1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607_NeikiAnalytics.exe	92
PID 1292 wrote to memory of 1624	1292	Unicorn-50607.exe	96
PID 1292 wrote to memory of 1624	1292	Unicorn-50607.exe	96
PID 1292 wrote to memory of 1624	1292	Unicorn-50607.exe	96
PID 3340 wrote to memory of 2964	3340	Unicorn-33399.exe	97
PID 3340 wrote to memory of 2964	3340	Unicorn-33399.exe	97
PID 3340 wrote to memory of 2964	3340	Unicorn-33399.exe	97
PID 3016 wrote to memory of 548	3016	Unicorn-42439.exe	98
PID 3016 wrote to memory of 548	3016	Unicorn-42439.exe	98
PID 3016 wrote to memory of 548	3016	Unicorn-42439.exe	98
PID 664 wrote to memory of 1152	664	Unicorn-58759.exe	99
PID 664 wrote to memory of 1152	664	Unicorn-58759.exe	99
PID 664 wrote to memory of 1152	664	Unicorn-58759.exe	99
PID 1600 wrote to memory of 2140	1600	Unicorn-62734.exe	101
PID 1600 wrote to memory of 2140	1600	Unicorn-62734.exe	101
PID 1600 wrote to memory of 2140	1600	Unicorn-62734.exe	101
PID 2340 wrote to memory of 1756	2340	1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607_NeikiAnalytics.exe	100
PID 2340 wrote to memory of 1756	2340	1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607_NeikiAnalytics.exe	100
PID 2340 wrote to memory of 1756	2340	1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607_NeikiAnalytics.exe	100
PID 1624 wrote to memory of 2792	1624	Unicorn-39598.exe	106
PID 1624 wrote to memory of 2792	1624	Unicorn-39598.exe	106
PID 1624 wrote to memory of 2792	1624	Unicorn-39598.exe	106
PID 1292 wrote to memory of 3712	1292	Unicorn-50607.exe	107
PID 1292 wrote to memory of 3712	1292	Unicorn-50607.exe	107
PID 1292 wrote to memory of 3712	1292	Unicorn-50607.exe	107
PID 2964 wrote to memory of 3620	2964	Unicorn-36260.exe	108
PID 2964 wrote to memory of 3620	2964	Unicorn-36260.exe	108
PID 2964 wrote to memory of 3620	2964	Unicorn-36260.exe	108
PID 3340 wrote to memory of 5076	3340	Unicorn-33399.exe	109
PID 3340 wrote to memory of 5076	3340	Unicorn-33399.exe	109
PID 3340 wrote to memory of 5076	3340	Unicorn-33399.exe	109
PID 3040 wrote to memory of 3836	3040	Unicorn-19972.exe	110
PID 3040 wrote to memory of 3836	3040	Unicorn-19972.exe	110
PID 3040 wrote to memory of 3836	3040	Unicorn-19972.exe	110
PID 548 wrote to memory of 4700	548	Unicorn-23838.exe	111
PID 548 wrote to memory of 4700	548	Unicorn-23838.exe	111
PID 548 wrote to memory of 4700	548	Unicorn-23838.exe	111
PID 3016 wrote to memory of 4320	3016	Unicorn-42439.exe	112
PID 3016 wrote to memory of 4320	3016	Unicorn-42439.exe	112
PID 3016 wrote to memory of 4320	3016	Unicorn-42439.exe	112
PID 1756 wrote to memory of 4556	1756	Unicorn-56437.exe	113
PID 1756 wrote to memory of 4556	1756	Unicorn-56437.exe	113
PID 1756 wrote to memory of 4556	1756	Unicorn-56437.exe	113
PID 2340 wrote to memory of 4104	2340	1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1d14132093c7568a29abd3d6c9c597116ff7295671b729ad11658433b8d8d607_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15878.exe
        9⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23598.exe
        10⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        10⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47780.exe
        10⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
        10⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33324.exe
        9⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14029.exe
        10⤵
        
        PID:15756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
        10⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1427.exe
        9⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45181.exe
        9⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
        9⤵
        
        PID:16560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        9⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        8⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55774.exe
        9⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
        9⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        9⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        9⤵
        
        PID:16564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38111.exe
        9⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50900.exe
        8⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13260.exe
        8⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
        8⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
        8⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        9⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
        10⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58061.exe
        10⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        10⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
        9⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        9⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
        9⤵
        
        PID:15460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34668.exe
        8⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1619.exe
        8⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        8⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7696.exe
        8⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3115.exe
        7⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        8⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        9⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        9⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
        8⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37397.exe
        8⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        8⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        7⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3339.exe
        7⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
        7⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
        7⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
        9⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        9⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        9⤵
        
        PID:15072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15072 -s 436
        10⤵
        Program crash
        
        PID:17188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
        9⤵
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18811.exe
        8⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        8⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38540.exe
        8⤵
        
        PID:15484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15484 -s 464
        9⤵
        Program crash
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        8⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
        7⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        8⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        8⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        8⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        8⤵
        
        PID:15352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        7⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        7⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39492.exe
        7⤵
        
        PID:15980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
        8⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        8⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        8⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37164.exe
        7⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        7⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        7⤵
        
        PID:15692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33677.exe
        6⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
        7⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
        7⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13607.exe
        7⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39060.exe
        6⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1413.exe
        7⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
        7⤵
        
        PID:15560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
        7⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        7⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
        6⤵
        
        PID:14272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        6⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49421.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51845.exe
        7⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
        8⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        9⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26924.exe
        9⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
        9⤵
        
        PID:16444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42844.exe
        8⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        8⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        8⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        8⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40516.exe
        7⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1724.exe
        7⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44388.exe
        7⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        7⤵
        
        PID:15728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14381.exe
        9⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25580.exe
        9⤵
        
        PID:13104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
        8⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6155.exe
        8⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        8⤵
        
        PID:16600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
        7⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24870.exe
        8⤵
        
        PID:12660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13380.exe
        8⤵
        
        PID:16180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28013.exe
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
        7⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        7⤵
        
        PID:13352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        7⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
        7⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        7⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
        7⤵
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        7⤵
        
        PID:15452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32645.exe
        6⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
        6⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
        6⤵
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15403.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43101.exe
        6⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15244.exe
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        8⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33908.exe
        8⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
        8⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38111.exe
        8⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10171.exe
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe
        7⤵
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
        7⤵
        
        PID:16280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        7⤵
        
        PID:15820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        6⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50510.exe
        7⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        7⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        7⤵
        
        PID:17216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13031.exe
        7⤵
        
        PID:16416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39213.exe
        6⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        6⤵
        
        PID:16148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
        6⤵
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54063.exe
        6⤵
        
        PID:15836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
        5⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        7⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        7⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
        7⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38111.exe
        7⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61101.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
        6⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        6⤵
        
        PID:15628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7173.exe
        6⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        6⤵
        
        PID:14440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14440 -s 428
        7⤵
        Program crash
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        6⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        6⤵
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
        5⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
        5⤵
        
        PID:12388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45307.exe
        5⤵
        
        PID:16244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
        5⤵
        
        PID:116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36260.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7413.exe
        7⤵
        Executes dropped EXE
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
        8⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        9⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17292.exe
        9⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        9⤵
        
        PID:16364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
        9⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12660.exe
        8⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        8⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46909.exe
        8⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
        7⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        8⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        8⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
        8⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        7⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
        7⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-157.exe
        7⤵
        
        PID:15552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
        7⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33558.exe
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55774.exe
        8⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        8⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        8⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        8⤵
        
        PID:16512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28996.exe
        7⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        7⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        7⤵
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        7⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1965.exe
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
        7⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        7⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        7⤵
        
        PID:16748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1956.exe
        7⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
        6⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46100.exe
        6⤵
        
        PID:9800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
        6⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53406.exe
        6⤵
        
        PID:16584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42316.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        6⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15213.exe
        7⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        8⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
        8⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6155.exe
        8⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16564.exe
        8⤵
        
        PID:17376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17376 -s 276
        9⤵
        Program crash
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17496.exe
        8⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60334.exe
        8⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42768.exe
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
        7⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
        7⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
        6⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31758.exe
        7⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        7⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
        7⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        7⤵
        
        PID:16592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        6⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3940.exe
        6⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
        6⤵
        
        PID:15060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32584.exe
        6⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
        5⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        7⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        7⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        7⤵
        
        PID:14660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12660.exe
        6⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        6⤵
        
        PID:15684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        6⤵
        
        PID:16044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        6⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        6⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        6⤵
        
        PID:16660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        5⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47820.exe
        5⤵
        
        PID:10784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        5⤵
        
        PID:13468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
        5⤵
        
        PID:968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
        5⤵
        
        PID:16500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30483.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5685.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
        8⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
        8⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        8⤵
        
        PID:15004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15004 -s 448
        9⤵
        Program crash
        
        PID:16832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2812.exe
        8⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18811.exe
        7⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        7⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38540.exe
        7⤵
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55661.exe
        7⤵
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3516.exe
        6⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21950.exe
        7⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
        7⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37397.exe
        7⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        7⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64740.exe
        6⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
        6⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
        6⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42878.exe
        6⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55774.exe
        7⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        7⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        7⤵
        
        PID:14008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2283.exe
        6⤵
        
        PID:9156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30371.exe
        6⤵
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
        6⤵
        
        PID:14952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        6⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55774.exe
        6⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-764.exe
        6⤵
        
        PID:11240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        6⤵
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3788.exe
        6⤵
        
        PID:17232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58164.exe
        6⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10057.exe
        6⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24285.exe
        5⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60812.exe
        5⤵
        
        PID:11448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
        5⤵
        
        PID:15016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15016 -s 472
        6⤵
        Program crash
        
        PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59209.exe
        5⤵
        
        PID:15720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        5⤵
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        6⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        7⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        8⤵
        
        PID:13064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48173.exe
        8⤵
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27036.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        7⤵
        
        PID:14104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51349.exe
        7⤵
        
        PID:16504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
        7⤵
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
        6⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
        6⤵
        
        PID:10644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        6⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        5⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
        5⤵
        
        PID:11136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
        5⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4589.exe
        5⤵
        
        PID:16500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52500.exe
      4⤵
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48102.exe
        6⤵
        
        PID:8760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29212.exe
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        6⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
        5⤵
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
        5⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14235.exe
        5⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        5⤵
        
        PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43142.exe
        5⤵
        
        PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
      4⤵
      PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7173.exe
        5⤵
        
        PID:10552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        5⤵
        
        PID:14424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        5⤵
        
        PID:7332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
      4⤵
      PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
      4⤵
      PID:12428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
      4⤵
      PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
      4⤵
      PID:6020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36438.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28788.exe
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
        7⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        7⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        7⤵
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
        6⤵
        
        PID:11332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
        6⤵
        
        PID:15272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        6⤵
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        6⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42844.exe
        6⤵
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        6⤵
        
        PID:12764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        6⤵
        
        PID:16836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        6⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        5⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
        5⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47556.exe
        5⤵
        
        PID:14648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
        5⤵
        
        PID:16136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
        6⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
        6⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45652.exe
        6⤵
        
        PID:13400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        6⤵
        
        PID:16752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        6⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
        5⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36550.exe
        6⤵
        
        PID:17248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1619.exe
        5⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
        5⤵
        
        PID:15564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
      4⤵
      PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
        5⤵
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10468.exe
        5⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        5⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
        5⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51474.exe
        5⤵
        
        PID:14700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60781.exe
      4⤵
      PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62110.exe
      4⤵
      PID:6760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
      4⤵
      PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39885.exe
      4⤵
      PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42404.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53542.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        7⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11973.exe
        8⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
        8⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        8⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        8⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9020.exe
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28342.exe
        7⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
        6⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26240.exe
        7⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        6⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1356.exe
        6⤵
        
        PID:13696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37936.exe
        6⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
        7⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
        7⤵
        
        PID:15596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        7⤵
        
        PID:16408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34676.exe
        6⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        6⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        6⤵
        
        PID:16652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        6⤵
        
        PID:15468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41860.exe
        5⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
        5⤵
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
        5⤵
        
        PID:14356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
        5⤵
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53696.exe
        5⤵
        
        PID:16072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9172.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8093.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        6⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29670.exe
        7⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26924.exe
        7⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        7⤵
        
        PID:15672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        6⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        6⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
        6⤵
        
        PID:16040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2812.exe
        6⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48798.exe
        6⤵
        
        PID:12944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        6⤵
        
        PID:16120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8411.exe
        6⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59112.exe
        6⤵
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        5⤵
        
        PID:10976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        5⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26252.exe
        5⤵
        
        PID:17320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
        5⤵
        
        PID:7028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26275.exe
      4⤵
      PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
        5⤵
        
        PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        5⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        5⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14156.exe
        5⤵
        
        PID:17308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        5⤵
        
        PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
      4⤵
      PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
        5⤵
        
        PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35435.exe
      4⤵
      PID:9572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
      4⤵
      PID:14172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33361.exe
      4⤵
      PID:15772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33573.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        7⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        7⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
        7⤵
        
        PID:15308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        7⤵
        
        PID:15964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61677.exe
        6⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
        6⤵
        
        PID:11628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
        6⤵
        
        PID:15908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17131.exe
        6⤵
        
        PID:17000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2812.exe
        6⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8036.exe
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12757.exe
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        6⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
        6⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48677.exe
        6⤵
        
        PID:15560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17880.exe
        6⤵
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
        5⤵
        
        PID:9840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
        5⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
        5⤵
        
        PID:16704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
      4⤵
      PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53558.exe
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20142.exe
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
        6⤵
        
        PID:13052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4347.exe
        6⤵
        
        PID:16480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        6⤵
        
        PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
        5⤵
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35180.exe
        5⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        5⤵
        
        PID:16592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        5⤵
        
        PID:15156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54740.exe
      4⤵
      PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1325.exe
        5⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34415.exe
        5⤵
        
        PID:16456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13628.exe
      4⤵
      PID:10232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16235.exe
      4⤵
      PID:12844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43724.exe
      4⤵
      PID:16576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13827.exe
      4⤵
      PID:15096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34715.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
      4⤵
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16494.exe
        6⤵
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        6⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        6⤵
        
        PID:16324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        6⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12491.exe
        5⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6372.exe
        5⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
        5⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        5⤵
        
        PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        5⤵
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48357.exe
        5⤵
        
        PID:14240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        5⤵
        
        PID:15580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
      4⤵
      PID:9856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
      4⤵
      PID:12324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54283.exe
      4⤵
      PID:5352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6940.exe
    3⤵
    PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
      4⤵
      PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
      4⤵
      PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
      4⤵
      PID:13320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
      4⤵
      PID:16644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
      4⤵
      PID:1496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39590.exe
    3⤵
    PID:7884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
    3⤵
    PID:11252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
    3⤵
    PID:14144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14212.exe
    3⤵
    PID:16620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63069.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63069.exe
    3⤵
    PID:16676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23838.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11341.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5789.exe
        7⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26646.exe
        8⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
        9⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        9⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        9⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
        9⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36020.exe
        8⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9699.exe
        8⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47205.exe
        8⤵
        
        PID:15452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21843.exe
        8⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        8⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26198.exe
        8⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
        8⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        8⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48869.exe
        8⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26240.exe
        8⤵
        
        PID:16432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
        7⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        7⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        7⤵
        
        PID:16156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19877.exe
        7⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        7⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7173.exe
        8⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        8⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
        8⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
        7⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        7⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        7⤵
        
        PID:16912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        7⤵
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50028.exe
        6⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        7⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35196.exe
        7⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58913.exe
        7⤵
        
        PID:15752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
        6⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45912.exe
        6⤵
        
        PID:15524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31756.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56454.exe
        7⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        7⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        7⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        7⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        6⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56213.exe
        6⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45912.exe
        6⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        5⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
        7⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        7⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        7⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        7⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14588.exe
        6⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
        6⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
        6⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        6⤵
        
        PID:14984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        5⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32830.exe
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        6⤵
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38111.exe
        6⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
        5⤵
        
        PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
        5⤵
        
        PID:12568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        5⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        5⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
        5⤵
        
        PID:6676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5420.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5021.exe
        6⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-605.exe
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        8⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49877.exe
        8⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        8⤵
        
        PID:14976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14976 -s 460
        9⤵
        Program crash
        
        PID:17284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
        7⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17292.exe
        7⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        7⤵
        
        PID:16308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        7⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17572.exe
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
        7⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
        7⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
        6⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        6⤵
        
        PID:15716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        6⤵
        
        PID:15584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
        5⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23598.exe
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        7⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        7⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        7⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
        6⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        6⤵
        
        PID:11268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        6⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
        5⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
        6⤵
        
        PID:17368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52253.exe
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30547.exe
        5⤵
        
        PID:12528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        5⤵
        
        PID:16092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22510.exe
        5⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
        6⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 636
        7⤵
        Program crash
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        6⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55381.exe
        6⤵
        
        PID:16036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18225.exe
        6⤵
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42830.exe
        6⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38844.exe
        6⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28013.exe
        6⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9911.exe
        6⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36509.exe
        5⤵
        
        PID:10984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        5⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        5⤵
        
        PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
      4⤵
      PID:5500
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 212
        5⤵
        Program crash
        
        PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
      4⤵
      PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
      4⤵
      PID:9692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
      4⤵
      PID:14132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
      4⤵
      PID:15412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36836.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
        6⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        7⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        8⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        8⤵
        
        PID:13708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        8⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        7⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
        7⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        7⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1980.exe
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
        7⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        7⤵
        
        PID:14408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        7⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
        6⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12.exe
        6⤵
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
        6⤵
        
        PID:16940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
        6⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5125.exe
        6⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42844.exe
        6⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        6⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        6⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56852.exe
        5⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        6⤵
        
        PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1724.exe
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        5⤵
        
        PID:14188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        5⤵
        
        PID:16152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23396.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        5⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        6⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        6⤵
        
        PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
        5⤵
        
        PID:8308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
        5⤵
        
        PID:13800
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13800 -s 468
        6⤵
        Program crash
        
        PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13756.exe
        5⤵
        
        PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
        5⤵
        
        PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50204.exe
      4⤵
      PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26750.exe
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        6⤵
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        6⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        6⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24012.exe
        5⤵
        
        PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
        5⤵
        
        PID:12560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
        5⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        5⤵
        
        PID:16936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27637.exe
      4⤵
      PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41486.exe
        5⤵
        
        PID:12184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38460.exe
        5⤵
        
        PID:15736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        5⤵
        
        PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
      4⤵
      PID:9848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
      4⤵
      PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3421.exe
      4⤵
      PID:16712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
      4⤵
      PID:6028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44044.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44044.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        6⤵
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
        6⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
        6⤵
        
        PID:15108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        6⤵
        
        PID:15436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60028.exe
        5⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        5⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14315.exe
        5⤵
        
        PID:14964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        5⤵
        
        PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12348.exe
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
        5⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
        6⤵
        
        PID:16204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
        6⤵
        
        PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42844.exe
        5⤵
        
        PID:10096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        5⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        5⤵
        
        PID:16600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        5⤵
        
        PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65020.exe
      4⤵
      PID:7396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
      4⤵
      PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
      4⤵
      PID:14064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
      4⤵
      PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
      4⤵
      PID:5996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41742.exe
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1693.exe
        6⤵
        
        PID:9412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31812.exe
        6⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        6⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32341.exe
        6⤵
        
        PID:15624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        6⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28811.exe
        5⤵
        
        PID:9540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
        5⤵
        
        PID:12768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        5⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        5⤵
        
        PID:15192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
      4⤵
      PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2117.exe
        5⤵
        
        PID:16316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
        5⤵
        
        PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
      4⤵
      PID:9756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41813.exe
      4⤵
      PID:13124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
      4⤵
      PID:16684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
      4⤵
      PID:14888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
    3⤵
    PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
      4⤵
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
        5⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        5⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        5⤵
        
        PID:16040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exe
      4⤵
      PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
      4⤵
      PID:13232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
      4⤵
      PID:16948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
      4⤵
      PID:6752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
    3⤵
    PID:4712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
    3⤵
    PID:10116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
    3⤵
    PID:13732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
    3⤵
    PID:740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51845.exe
        5⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        6⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7173.exe
        7⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        7⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57884.exe
        7⤵
        
        PID:17324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        7⤵
        
        PID:15040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54277.exe
        6⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
        6⤵
        
        PID:11456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50469.exe
        6⤵
        
        PID:16084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        6⤵
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
        5⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        6⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33763.exe
        6⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        6⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41693.exe
        5⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        5⤵
        
        PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        5⤵
        
        PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
        5⤵
        
        PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50972.exe
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8621.exe
        6⤵
        
        PID:12208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14532.exe
        6⤵
        
        PID:16216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        6⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        5⤵
        
        PID:12360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
        5⤵
        
        PID:16140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        5⤵
        
        PID:6348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61461.exe
      4⤵
      PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38990.exe
        5⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
        5⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59140.exe
        5⤵
        
        PID:6996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
      4⤵
      PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
      4⤵
      PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3421.exe
      4⤵
      PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
      4⤵
      PID:15812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48268.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
      4⤵
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
        5⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29212.exe
        6⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        6⤵
        
        PID:15204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        6⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        5⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
        5⤵
        
        PID:11320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
        5⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22543.exe
        5⤵
        
        PID:15284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63101.exe
      4⤵
      PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        5⤵
        
        PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        5⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        5⤵
        
        PID:16344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        5⤵
        
        PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
      4⤵
      PID:7392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
      4⤵
      PID:12444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
      4⤵
      PID:16112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
      4⤵
      PID:5604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
    3⤵
    PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49438.exe
        5⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        5⤵
        
        PID:14508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        5⤵
        
        PID:7344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
      4⤵
      PID:9136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9699.exe
      4⤵
      PID:6264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
      4⤵
      PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
      4⤵
      PID:5380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
    3⤵
    PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
      4⤵
      PID:12140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
      4⤵
      PID:15568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
      4⤵
      PID:4632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
    3⤵
    PID:9972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11571.exe
    3⤵
    PID:12368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
    3⤵
    PID:16584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16812.exe
    3⤵
    PID:5552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56437.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56437.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        5⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        6⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        7⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        7⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        7⤵
        
        PID:16332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        7⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
        6⤵
        
        PID:11164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
        6⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        6⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        5⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62436.exe
        5⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
        5⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45238.exe
        5⤵
        
        PID:17392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10200.exe
        5⤵
        
        PID:16164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57901.exe
      4⤵
      PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
        6⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10468.exe
        6⤵
        
        PID:10708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        6⤵
        
        PID:13140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
        6⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38111.exe
        6⤵
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        5⤵
        
        PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        5⤵
        
        PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
        5⤵
        
        PID:15300
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15300 -s 464
        6⤵
        Program crash
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4355.exe
        5⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        5⤵
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        5⤵
        
        PID:16808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3323.exe
      4⤵
      PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36966.exe
        5⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48357.exe
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64420.exe
        5⤵
        
        PID:16488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        5⤵
        
        PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
      4⤵
      PID:9636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
      4⤵
      PID:13060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59446.exe
      4⤵
      PID:16492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62156.exe
      4⤵
      PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
      4⤵
      PID:1124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16188.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
      4⤵
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        5⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
        6⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64513.exe
        7⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
        6⤵
        
        PID:10320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63140.exe
        6⤵
        
        PID:13024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
        6⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4876.exe
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
        6⤵
        
        PID:12048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54029.exe
        6⤵
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63612.exe
        5⤵
        
        PID:11480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63629.exe
        5⤵
        
        PID:15024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        5⤵
        
        PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
      4⤵
      PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28606.exe
        5⤵
        
        PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
        5⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
        5⤵
        
        PID:16188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exe
      4⤵
      PID:9988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
      4⤵
      PID:12452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43724.exe
      4⤵
      PID:16636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59209.exe
      4⤵
      PID:5492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23971.exe
    3⤵
    PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
      4⤵
      PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
        5⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        5⤵
        
        PID:11512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
        5⤵
        
        PID:15092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40223.exe
        5⤵
        
        PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61101.exe
      4⤵
      PID:8864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
      4⤵
      PID:11036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
      4⤵
      PID:1768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
    3⤵
    PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
      4⤵
      PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
      4⤵
      PID:15576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33963.exe
      4⤵
      PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34607.exe
      4⤵
      PID:3140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43588.exe
    3⤵
    PID:8220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
    3⤵
    PID:12544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25998.exe
    3⤵
    PID:16168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57388.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57388.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
      4⤵
      PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
        5⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58061.exe
        6⤵
        
        PID:14532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
        6⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
        5⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
        5⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
        5⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
        5⤵
        
        PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe
        5⤵
        
        PID:10808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58061.exe
        5⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        5⤵
        
        PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15739.exe
      4⤵
      PID:10160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8564.exe
      4⤵
      PID:13328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
      4⤵
      PID:16812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44124.exe
      4⤵
      PID:14944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24870.exe
      4⤵
      PID:16656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
      4⤵
      PID:7000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
    3⤵
    PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11669.exe
      4⤵
      PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
      4⤵
      PID:10036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
      4⤵
      PID:12832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
      4⤵
      PID:16880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41860.exe
    3⤵
    PID:7904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
    3⤵
    PID:10564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
    3⤵
    PID:14364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
    3⤵
    PID:6124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26156.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26156.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
    3⤵
    PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
      4⤵
      PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        5⤵
        
        PID:9284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31812.exe
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        5⤵
        
        PID:7308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28811.exe
      4⤵
      PID:9532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
      4⤵
      PID:12808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26051.exe
      4⤵
      PID:15992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
      4⤵
      PID:6740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8036.exe
    3⤵
    PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44838.exe
      4⤵
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
      4⤵
      PID:13016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
      4⤵
      PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
      4⤵
      PID:16008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22755.exe
    3⤵
    PID:9788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
    3⤵
    PID:12160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62277.exe
    3⤵
    PID:16652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
    3⤵
    PID:2460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
  2⤵
  PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45390.exe
    3⤵
    PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
      4⤵
      PID:12244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
      4⤵
      PID:15352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17243.exe
      4⤵
      PID:5252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
    3⤵
    PID:9772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
    3⤵
    PID:13256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
    3⤵
    PID:16740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60602.exe
    3⤵
    PID:60
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7779.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7779.exe
  2⤵
  PID:7096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
    3⤵
    PID:13264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54229.exe
    3⤵
    PID:15116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19468.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19468.exe
  2⤵
  PID:10208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59637.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59637.exe
  2⤵
  PID:12656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10388.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10388.exe
  2⤵
  PID:16768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55496.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55496.exe
  2⤵
  PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5500 -ip 5500
1⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 6760 -ip 6760
1⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 14976 -ip 14976
1⤵
PID:17252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 14544 -ip 14544
1⤵
PID:17300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 13800 -ip 13800
1⤵
PID:17388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 14544 -ip 14544
1⤵
PID:3492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 15292 -ip 15292
1⤵
PID:16684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 15108 -ip 15108
1⤵
PID:16592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 15188 -ip 15188
1⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 15196 -ip 15196
1⤵
PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 15352 -ip 15352
1⤵
PID:3288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 15272 -ip 15272
1⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 7292 -ip 7292
1⤵
PID:17356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 14960 -ip 14960
1⤵
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 1332 -ip 1332
1⤵
PID:16516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 15684 -ip 15684
1⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 16124 -ip 16124
1⤵
PID:17264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 16344 -ip 16344
1⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 16228 -ip 16228
1⤵
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 16168 -ip 16168
1⤵
PID:2012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 16504 -ip 16504
1⤵
PID:16488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 15856 -ip 15856
1⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 16720 -ip 16720
1⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 16748 -ip 16748
1⤵
PID:3176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 16712 -ip 16712
1⤵
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 16740 -ip 16740
1⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 16836 -ip 16836
1⤵
PID:400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 16940 -ip 16940
1⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 16492 -ip 16492
1⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2124 -ip 2124
1⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 16752 -ip 16752
1⤵
PID:17352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 16880 -ip 16880
1⤵
PID:15268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 16644 -ip 16644
1⤵
PID:1532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe

Filesize
184KB

MD5
be7ca8d0e2cc98ab624e92192089fbae

SHA1
d986c8e198aaa6a94c7ca9224e64f75d22c8cd3f

SHA256
9e6ca32722a2adee3fed86d23918348c30cf402d42afb80279182da802942456

SHA512
242565d62c7df1da4d8276ef804b807a4a22f54155d64c96436810b72e3709c4047f6b011aab2c5d7f84c6bd81a290b35b685e1b18de2c3c4289c4465d779d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11341.exe

Filesize
184KB

MD5
898248255d3a7f334f1f0676d5ca51a4

SHA1
ca5fbd42434ac02b57f2d3a595a6f26c4f310476

SHA256
94638cdc0e4f20b7b2e36b43a696ebeb21c190986e83872794116754d87fc700

SHA512
46c7ae3f325eb798d8950f0692df255835962162455c047b653646afd1951c9577d1e9bda18a67087a7907aff451d0a7d70b8f46b3fcc172f04c84cf6628b115

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe

Filesize
184KB

MD5
2b69464dd55038fcdc063530778c71ef

SHA1
7bb89d87f31ca3ac21a3eae5e27c008ea3624a17

SHA256
db630ab8e6cff272bed5e33ae78ce14cbff2a26038815f55a68b4328f6d90e16

SHA512
d27d69bf38349460734b40ccead607e0c522c037434e43666ba84ec106d81fe6a9feafbf4e19e284bd46e00ce70b9d5bba980fd27f71cbfb4b98a8456062402d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16668.exe

Filesize
184KB

MD5
1db2f78371d671d3f16dac9adb023b4f

SHA1
c80b51812cd1dbb7aca6ff0acc164e035b3ff5e7

SHA256
21842015fe5586b10faf09951d9d075835b741357dddfcdeb9b67080c145c497

SHA512
322cca1481fad82c153970f2b5ce21ef03b805f2dbab57c110400c4526b168b254e69d7adde4090c511a5e5ca2ac373f8d1f13ee8e2aa449fc69c0b4df19a2f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe

Filesize
184KB

MD5
4147ffd785a0e2bcd3fbd01db85f9441

SHA1
f25a601bea8792edb138e9a73910e759f49f0693

SHA256
111c3587679db6c09bb51727ec8ff6b131b56487fde452ea6106b57b7f334364

SHA512
c359a773816b5488744146095ccbbd93eb43ec556ed360c160723525596dbdce68c7b4d85566ac0723f93b80b623e2b0a406abd3acd7ffce8b8947f941499341

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe

Filesize
184KB

MD5
3c004722f7fdfe8cc953c80b0bf90942

SHA1
c56e5e95ec9a0ad5411fb5cd9216318270d13db6

SHA256
0ed2a5a69fbccdc7dad11fbd03e12a255162490a6a5950bd7b77c01f70a05a24

SHA512
2c048d3fb8a6fed07d952aaa5f732729ea2e3dbd4f3a34bc28cd26b4fd02e18364a32857f628614ec730b4e39cbcb38d331aca987a95a082f0b6eb0fb2d4db0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23838.exe

Filesize
184KB

MD5
20725c6b9023c79a828ffe4b9261f4f6

SHA1
86fdb8497492fa9a4885d60403c056e67f2c9db0

SHA256
2e0ab4ee2bcd80b4d7d7ac70fad733a85f9eabf8a1fe2c32d2447215d0e2f426

SHA512
659edc718ae02f259e5be4f835fe1779eaa4783349a818122bc530f8ebc09795eb70817264b85dae44b4293f090943355aaacf09633f972254b0c2277072c408

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30483.exe

Filesize
184KB

MD5
d22f08b9601caf2e3cec73361e890e29

SHA1
fcf888c44708eb98022ada608b8e66bf13a8101c

SHA256
1f916a034be3c36a2a3235c7e21d2d953cd9896b4477a49dbd95fec19bcad136

SHA512
e2cf6331251ffa1a40a559f035d0ad48595f7132d17679978fffffb147df10c677793a415429760483af69983614aa29ec0db5dba813b140b78f23aaae4abc00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe

Filesize
184KB

MD5
9c10d2f9d90e5f450a8877bf8a96ee9c

SHA1
b84f6f07c9756625482348a3294acfa8574178cb

SHA256
af1aa6c582900c9b32825cddad57a4aec8bfc2f2335444308536e909a430ae7c

SHA512
fce4219e1747353ef06ef1ba2b267efe6221580a0d3d100ac2c15c4787bfb231b11c5929a3ca45107967797ca57d8ce335ee652ba3655c7ea960217e962018fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe

Filesize
184KB

MD5
a81708e0112970756af03298b7e9011d

SHA1
643183d456e196a8445efb6e92f58d31f57c43ae

SHA256
c31474b59e9b071b7383ea56445fd338f98194573ab16c52c190a9f8ef8f10a1

SHA512
081e73d02463ea652c02c03ac1693d0dfa88f888f22b9d5f99035ccfed7184d3bd1308f7158c8245aa289551216e7086400eefbb377bec9c55304243b4ff19d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33573.exe

Filesize
184KB

MD5
ac92d15e5e2f1f67bb625c5d598d5a5b

SHA1
8c3d1cf02a8967139a3f4533116401dc42ebda7c

SHA256
28e41610b5b54a415e4ac793eb3b34bf7b83106bd485204868cacfeee4d19fca

SHA512
0a634fb1639496af67ef073a9477acebf1b525c5d153c018cf138db5ecfdc5a37dfe63db03ad36d27a4ff1a03dee68ded0a65a4c218dade635eea068c0bc021e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36020.exe

Filesize
184KB

MD5
ba78a1048f1f245c98babc21d65e028c

SHA1
49ff4001d05302f877814c57e5d804e301e27a63

SHA256
9c69c69873e50b067b7531d61bed19014b30efa3eac147e4c5aa0fe321f1c70a

SHA512
304aced0358554b3969cfe8d3c14c47b975489fba28209b1b5cf3aa15c490a008bf79580a32178f8aa75ccc84a175e964580d60c6f1b7f5e0a9068b3ecad5eee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36260.exe

Filesize
184KB

MD5
a7bce929035778a3a7e701d2f65b7efd

SHA1
c5f61d22e27aeb3ff985883188a41aecce389e71

SHA256
dd64dc1b332ee9ad1c781c61dbac2ccf391c014b1b5c456c6b878c3f2abc70fe

SHA512
415977f99faa41a7a1b7dea06e4bf95ec49bcfc1de50be4cbd6eecd5d63e40e06066013ead6bd610e3b386fb58d75750e6c47d9682e05c984b477a7731f5e0e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36836.exe

Filesize
184KB

MD5
5b93647e2614609279eb7dad5c7c11ec

SHA1
ac7540829ab3bfdddaa738c067e8ea584ec8c1bf

SHA256
39fa750af13f509048c524d86b6a00e4c63f5e8c8f0a9a4a517b55d68835f782

SHA512
2855c6341cb8c762610c48147bf6c000cf2615b8acf4cbf1ba3a2c1eeb370dc8d6ca4499432eb3548a9c18e9e1899d1b1978cda25d9e8644991da6da296d78bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe

Filesize
184KB

MD5
58c006c396be32947a26e2298613257d

SHA1
1138dc3dfa790f119034588aa5d7b25d8b9726b4

SHA256
04e1108f0c4f14ce7c41252a2393e943f46a0050a05abd1dfa7b7a43346df303

SHA512
afc13990396d19dba06c678b0495bebd445fcfcfa5c28cef2bc1b9b7b977df2d2ae9415b5c016cb9a82d0ca7c82fe22c2b7844f050977617dd93c75314a3ca3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42404.exe

Filesize
184KB

MD5
7887dc6894eb116f0e7a3051790e4cea

SHA1
7eb273ae2b08ab2e6207d31d8ef33be202f7e71e

SHA256
210f51dffd645c08a8d8675c5f836329a25dae3eadd67c2adb85e916063aeee3

SHA512
62583af8303dae9942dd6921002a7ff32792d2493dab2f2c99231ec72ba9d144c610c2a9fdcfa6d32c248cebc9c0ed770cfd2d60f7560dadb6236dbc4d400222

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe

Filesize
184KB

MD5
fb3a4a3922c71cf8a41029f7b460b4d0

SHA1
aa2c1dc4a099c3b89288b806270987656e8c0150

SHA256
b464fa23234234fc1e3f8dffff8545978333e127f4a62c3ca6d9223bee4aa131

SHA512
dfb0e0048157e0e5c7eb8ce03216c592c34775882def7324e417b5fffad7a67aeec5a3aea4cfd3023908e889a921e921c7aa2ba356ec97151ff48d5a9ac49df4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44044.exe

Filesize
184KB

MD5
692f457f1c80dda96d4e867c791c30ab

SHA1
bfc7348f4da48283d3770542d96f29732b42a9d4

SHA256
f4ac78272db1e75b64a9a181622fa6cefd840de6ad6e6d6a8fa5b537687d04ee

SHA512
73540df581a2b09ae78b8ebba1b25f58841152747c9abbd21f3511f0cf922ca9747ac2f9a96c13ba5bcc17deeadbffb5748c17e017d1957bf7f0429d866145be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe

Filesize
184KB

MD5
5ac03b2ef589d5bbef5e4ed611120c27

SHA1
1f824942fac521d6280d056ffde3b61caf0512c6

SHA256
1a4408f91582933b52258c9d11316c1de49793352806a8f686c8bcd6081be88c

SHA512
a1272318ed0df08e53feaac26aa7e8dc84ec7d859c9a1684342cc6990932f2f900a6212a663c4f3257e0c754f6b637085354724a43669f6814c0c08d79bae39a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49421.exe

Filesize
184KB

MD5
8f8af9a367fec1f34aa0cd1559ca57ab

SHA1
74ad44db4ff3c8e05f45eb00c324798c23388a7d

SHA256
a66fc5cdad746c6d142fec4005baa7080124df2e5a8882ac670ea28e9d30f5b1

SHA512
6c868117d5966551700506f7eb0dfdf4bd906512c1cbe9f9396e6f06cfae9e0ed9b709a86191c6f324808e1fe8b3742b429ed26158e1d0bc1e8d44c6fac81e82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50607.exe

Filesize
184KB

MD5
b8a16113c507fb4541f6d80cc94b55de

SHA1
c562c32feb7bfc8d7ec304d755f09783f72a44e4

SHA256
d4d02e33da8094d6b60d56216f32dd4989f88a2baaee468ae905c4c9b6855a4d

SHA512
38ff8e64faa754805f69ef3f27d2a866ea6569cebf7aef33aef2f719e8e7857c7547f4e7e674c6b82e8f03964891a8a347d6e5bff5e231630f31a952b4dd1135

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5420.exe

Filesize
184KB

MD5
c75e9af9b0a5bcba1c023ba61dc3a0a2

SHA1
85aaa1779d68930964ba4fa7d36fa3249a69703d

SHA256
d1dac67c9c9eabcf32cc2204a89225e58625ff249b2ac8a79372b016309cccc7

SHA512
c104f75107c3797df612ba93e2a20d30c44b5ffa308e1af39e769d8abea6899d3ac634890e3750a07f01837f87adaa195ef3db6e9bf3f29164f6bfd08673ef38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56437.exe

Filesize
184KB

MD5
8a646482d598e17bba18cb7fe630946f

SHA1
43ed2e8e1175f761739956d6a6aa6d5e0b81eea7

SHA256
2fbe720d4e154ebd5895445e6c6b8c79efa2226133c8a738d24f866b339f73c6

SHA512
64a301d32f9ce9a1cfdb1be4252fc89b906df73b46c91ddb7b4da8c48407b71398c97f5353d7a0844f5c9bc3e3061a45fb4e773388301e2c09229513958a9226

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57388.exe

Filesize
184KB

MD5
993ea9b9af50558e36d247fe2ae365d4

SHA1
40fb584d8341f0342420c2013da701dcfbd6e54e

SHA256
452b868bb7f98357125168946929d6c0d397ef22f8bf1d4ade3723abdcc3b3b1

SHA512
85bb3a1e66a59b321a646d249958f1cd7439148bdc52fc56843bec8fdc9342377b8a575a41cfc20064cfebff98325b7df68be135cc5fdd28f908635b304c364f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe

Filesize
184KB

MD5
afeab3b2a5f7f4fca0e0b93ab96e4aca

SHA1
531f097cb03a80accd0bf542fa8aa5b8acccf16c

SHA256
ba0ecf5d70ab8cc80461a073dcf7c65250e201347823bc96003e4dd724a8a512

SHA512
109040635a37e7810f6b39c6cfc53c660dfbb6c33a083e8f787f0bc991d7b4073232f5f581c7b79dd8d6eccb5b23795a4eb58338f21b79e0f171139e6cc5d340

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe

Filesize
184KB

MD5
05c852ff3460b812854d13839b9d7b38

SHA1
8f00c0f15fabedaf9078e5ec94185720d33fa855

SHA256
a3d0b1b6292840b3009ed66822387e9bd36cd617a96897548065dd65e4790321

SHA512
b7697b30efb746e07178f68dcbf8588741e22293833b4beb6b5cfdce875527c7bf3c76cfb877104ebb8f09be2c800999f1e286f31acd5febacd315f884d2c7c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe

Filesize
184KB

MD5
70b28a9d51302039a38c25d446750d5d

SHA1
cbd54712543aba4d53d7db18ca70ed0997fabd74

SHA256
4b5d29f61567cac4684e1742e453e2f95c323d9fc46ce2ec7a194b9eae301326

SHA512
1935bc72d0e3e8a942170f9dfdbf68cc2944c65b77f17f9f6088d300cff80b0a1205e9b81aa8ff4196b66b28b559631b1b598cd04080863cd93bc57badb07d10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe

Filesize
184KB

MD5
422493c185aa7aaaf0c6d8310be194ae

SHA1
b798bf7c53561dccd4040967cfd14c656f223487

SHA256
db7ae2552312a8968d71e8fa7d129f743d3dc41ff3740baec23fc40892632bd8

SHA512
b058b94309f2e9675e2ebafa55a567e0022f4e02f52e9a92fd71938e1b7db4fcbb7bbc412123705ef0204b13aa81cd22c48faff877ac63ff70c09a8e43080612

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe

Filesize
184KB

MD5
6b804337e481248a533bda91af2ad3ac

SHA1
9d31235243a1468ce04b7451f69d3af7da872e6d

SHA256
7f1e294e7ef818e2c5a2625b70639daa2ae90861f158f8c2495879bafe59eeae

SHA512
f07c6dbefae2abdbd47208065706543645a12e0b82baaeb4f68f41d2529667cd9007cd256a2e6951720ded1b9b155b3f30cf127ce359b68c800cfad81f824d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe

Filesize
184KB

MD5
9b9520fa610d38085ea2d6c1237c6c9b

SHA1
d938d54b8ac12401ee31022a24f7d38efe048a87

SHA256
f49b10923d148d8872c9fa3ac818d69e1221285f9993080a8ecb655e17433ad1

SHA512
ac0f9420bead2413c0834bf2bb8254c3e7ddfd4096cca6170e259c5b137d00c0f60ab3a1595358ea3fcc78f98c521c607292602315655f162e6c8a8ccd1a6f56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe

Filesize
184KB

MD5
2a5d8a7db09fee7b243dde0fbff6aa85

SHA1
3d4b49012823d04800bab6430ce5137d35e6e3d4

SHA256
93d2a341d7eb7e97ca4b9ce80bde5ce2b22be826f044edbbe64df66c868f6976

SHA512
75a48ca426bf7c9334784246877d23dad799d574e0f9aa408f2a9a6ab35b8805f75cf3eebdd420c19da7e8f6ce2ef3f67dfdf1a23e5a9b15be42ddbde7104411

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6337.exe

Filesize
184KB

MD5
d638b263c9aafe0e95d706d94d75762b

SHA1
edcb897549ce6c0df8bda2affef85f2f01b46b15

SHA256
f24dbe7938d0bc8ea011a3506b2186cd22b07da7cac5f782985043db527519dd

SHA512
a47f1a641b8222c72f5a63a99d1716a9b3c6600706fbfba4f9e857b5e66bc93aa763083a6c1307044035b58dca8b6f17c5341c351aef85aedabd80373e883a5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe

Filesize
184KB

MD5
ab51d1197093e0cb741fd4c9a15c4f5c

SHA1
11a36074eb81292d2d8c606d1bf1deacc0423b00

SHA256
6e29a8429d27f8a1bfe7a767a571e096069c21c6990c0a26040e7c2523d8f7e9

SHA512
ac61011e622651a69633ec50ed2935f367a7b038743481bf055a323b4259da84f33afc227f46258221439ef43e47068fcac4db5f8fd8eeb76d4f9d8c9678ccf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe

Filesize
184KB

MD5
1882b00bc779ff3a6e9a3e0dc22a0d0c

SHA1
03f00b3257fd82df0cb0742d1d5a48870ac0bea2

SHA256
5d62b576a32c04b256165aa0b117b8dc587e0015afdc2706b82e32287020c624

SHA512
415da805fc704c18721c1fe7a785e1eee27f6e5d634c158de69f1e6466108c426383134a0d82b108a91b3a427f7c17f05b92cdc4196827bc564c2bd7449fadf9

Download Submit
memory/536-402-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/548-74-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/664-6-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/772-369-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/928-284-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/968-3094-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1040-299-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1084-398-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1152-89-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1208-326-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1292-27-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1384-697-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1400-327-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1472-42-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1600-21-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1624-56-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1704-192-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1756-90-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1876-313-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1980-174-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2120-294-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2148-696-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2196-346-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2336-274-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2340-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2376-693-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2440-374-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2520-268-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2532-406-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2576-290-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2584-699-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2684-360-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2792-100-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2800-175-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2948-404-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2964-63-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2980-226-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3004-182-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3016-41-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3040-45-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3136-214-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3192-273-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3240-3938-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3304-429-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3340-13-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3580-370-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3620-115-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3648-247-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3696-694-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3712-108-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3752-233-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3836-127-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3884-286-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3944-430-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4064-232-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4076-3937-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4084-380-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4104-160-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4188-383-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4216-345-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4224-423-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4256-237-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4288-312-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4312-3939-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4320-149-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4360-263-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4400-426-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4460-375-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4504-200-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4512-344-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4532-695-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4536-3936-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4540-350-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4556-150-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4560-278-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4700-146-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4908-207-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4932-395-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5052-307-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5060-698-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5076-122-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5100-254-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5160-700-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5180-701-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5208-702-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5288-704-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5296-703-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5320-706-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5328-705-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5356-713-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5424-715-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5440-716-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5448-721-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5456-722-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5500-723-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5532-724-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5540-725-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5576-726-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5596-727-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5620-728-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5664-729-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/6164-3480-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/11948-4707-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/11964-4708-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/14548-3312-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/15580-4576-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16168-3935-0x0000000076C60000-0x0000000076D33000-memory.dmp

Filesize
844KB

Download
memory/16332-3642-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16584-2929-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16600-2925-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16636-2928-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16948-2907-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads