f8e713f82f1a19f54df3b72ed84df5e9f8637e7ee9a33adea52157f75f6fbf78

Analysis

max time kernel
124s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 00:36

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

14cead38b64e6f2d642e1e9b485ada10_NeikiAnalytics.exe
Size

184KB
MD5

14cead38b64e6f2d642e1e9b485ada10
SHA1

6bead9d6ed732beff3c5e320c068aa5e4ee86f6b
SHA256

f8e713f82f1a19f54df3b72ed84df5e9f8637e7ee9a33adea52157f75f6fbf78
SHA512

5a7b83d46b4368d8bea3ac474acf29c100f52f8b2a531e8211b3e59ad10c05a4dbea54a86d86589321e89e383f0b60e6930e9d6ea6cb24690ac6ac493755b4ec
SSDEEP

3072:r2aZZRo8mygZZ8GNWeeFVs7Vjlvnqnxiuo:r2Yo9z8GCVeVjlPqnxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2040	Unicorn-18058.exe
4772	Unicorn-51953.exe
2432	Unicorn-6281.exe
1160	Unicorn-28060.exe
1832	Unicorn-60632.exe
2752	Unicorn-1225.exe
464	Unicorn-50929.exe
820	Unicorn-25203.exe
2504	Unicorn-57482.exe
4168	Unicorn-46470.exe
3848	Unicorn-19356.exe
4440	Unicorn-19356.exe
2424	Unicorn-34330.exe
3952	Unicorn-40196.exe
3924	Unicorn-30410.exe
3332	Unicorn-33132.exe
5100	Unicorn-57069.exe
3476	Unicorn-34777.exe
1808	Unicorn-34672.exe
4988	Unicorn-54943.exe
2460	Unicorn-23760.exe
4504	Unicorn-55519.exe
1000	Unicorn-63802.exe
3188	Unicorn-45898.exe
964	Unicorn-59551.exe
4476	Unicorn-30064.exe
4728	Unicorn-30064.exe
4528	Unicorn-16138.exe
4948	Unicorn-61809.exe
3148	Unicorn-65421.exe
3740	Unicorn-65156.exe
2120	Unicorn-24799.exe
4796	Unicorn-14912.exe
1356	Unicorn-61913.exe
4136	Unicorn-24258.exe
2580	Unicorn-9993.exe
2368	Unicorn-53147.exe
3236	Unicorn-13641.exe
3988	Unicorn-13641.exe
1468	Unicorn-12796.exe
3756	Unicorn-57777.exe
1420	Unicorn-21901.exe
4000	Unicorn-48351.exe
4720	Unicorn-27.exe
1552	Unicorn-27.exe
3972	Unicorn-20229.exe
5072	Unicorn-18864.exe
3956	Unicorn-31458.exe
396	Unicorn-50794.exe
4496	Unicorn-37058.exe
384	Unicorn-13577.exe
1840	Unicorn-44007.exe
4372	Unicorn-18591.exe
2468	Unicorn-53209.exe
3860	Unicorn-8969.exe
932	Unicorn-615.exe
1320	Unicorn-55217.exe
3168	Unicorn-51673.exe
4572	Unicorn-31807.exe
4260	Unicorn-7433.exe
3684	Unicorn-40107.exe
4924	Unicorn-55622.exe
3948	Unicorn-9950.exe
624	Unicorn-9950.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
5880	4656	WerFault.exe	171
9668	6832	WerFault.exe	275
9684	7328	WerFault.exe	295
10112	7604	WerFault.exe	300
12172	7612	WerFault.exe	301
10688	2088	Process not Found	1192

Checks SCSI registry key(s) 3 TTPs 10 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	19056	dwm.exe
Token: SeChangeNotifyPrivilege	19056	dwm.exe
Token: 33	19056	dwm.exe
Token: SeIncBasePriorityPrivilege	19056	dwm.exe
Token: SeCreateGlobalPrivilege	8044	Process not Found
Token: SeChangeNotifyPrivilege	8044	Process not Found
Token: 33	8044	Process not Found
Token: SeIncBasePriorityPrivilege	8044	Process not Found
Token: SeCreateGlobalPrivilege	12368	Process not Found
Token: SeChangeNotifyPrivilege	12368	Process not Found
Token: 33	12368	Process not Found
Token: SeIncBasePriorityPrivilege	12368	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4144	14cead38b64e6f2d642e1e9b485ada10_NeikiAnalytics.exe
2040	Unicorn-18058.exe
4772	Unicorn-51953.exe
2432	Unicorn-6281.exe
1160	Unicorn-28060.exe
1832	Unicorn-60632.exe
464	Unicorn-50929.exe
820	Unicorn-25203.exe
2504	Unicorn-57482.exe
4168	Unicorn-46470.exe
2424	Unicorn-34330.exe
3848	Unicorn-19356.exe
3952	Unicorn-40196.exe
4440	Unicorn-19356.exe
3924	Unicorn-30410.exe
3332	Unicorn-33132.exe
5100	Unicorn-57069.exe
3476	Unicorn-34777.exe
1808	Unicorn-34672.exe
2460	Unicorn-23760.exe
4988	Unicorn-54943.exe
4504	Unicorn-55519.exe
1000	Unicorn-63802.exe
3188	Unicorn-45898.exe
4476	Unicorn-30064.exe
964	Unicorn-59551.exe
4728	Unicorn-30064.exe
4948	Unicorn-61809.exe
4528	Unicorn-16138.exe
3148	Unicorn-65421.exe
3740	Unicorn-65156.exe
2120	Unicorn-24799.exe
4796	Unicorn-14912.exe
1356	Unicorn-61913.exe
4136	Unicorn-24258.exe
2580	Unicorn-9993.exe
2368	Unicorn-53147.exe
3988	Unicorn-13641.exe
3236	Unicorn-13641.exe
1468	Unicorn-12796.exe
3756	Unicorn-57777.exe
4000	Unicorn-48351.exe
5072	Unicorn-18864.exe
4720	Unicorn-27.exe
3972	Unicorn-20229.exe
1552	Unicorn-27.exe
3956	Unicorn-31458.exe
396	Unicorn-50794.exe
1420	Unicorn-21901.exe
4496	Unicorn-37058.exe
384	Unicorn-13577.exe
1840	Unicorn-44007.exe
4372	Unicorn-18591.exe
2468	Unicorn-53209.exe
3860	Unicorn-8969.exe
932	Unicorn-615.exe
1320	Unicorn-55217.exe
3168	Unicorn-51673.exe
4572	Unicorn-31807.exe
4260	Unicorn-7433.exe
4924	Unicorn-55622.exe
3948	Unicorn-9950.exe
3684	Unicorn-40107.exe
2540	Unicorn-42457.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 2040	4144	14cead38b64e6f2d642e1e9b485ada10_NeikiAnalytics.exe	89
PID 4144 wrote to memory of 2040	4144	14cead38b64e6f2d642e1e9b485ada10_NeikiAnalytics.exe	89
PID 4144 wrote to memory of 2040	4144	14cead38b64e6f2d642e1e9b485ada10_NeikiAnalytics.exe	89
PID 4144 wrote to memory of 4772	4144	14cead38b64e6f2d642e1e9b485ada10_NeikiAnalytics.exe	92
PID 4144 wrote to memory of 4772	4144	14cead38b64e6f2d642e1e9b485ada10_NeikiAnalytics.exe	92
PID 4144 wrote to memory of 4772	4144	14cead38b64e6f2d642e1e9b485ada10_NeikiAnalytics.exe	92
PID 2040 wrote to memory of 2432	2040	Unicorn-18058.exe	91
PID 2040 wrote to memory of 2432	2040	Unicorn-18058.exe	91
PID 2040 wrote to memory of 2432	2040	Unicorn-18058.exe	91
PID 4772 wrote to memory of 1160	4772	Unicorn-51953.exe	95
PID 4772 wrote to memory of 1160	4772	Unicorn-51953.exe	95
PID 4772 wrote to memory of 1160	4772	Unicorn-51953.exe	95
PID 4144 wrote to memory of 1832	4144	14cead38b64e6f2d642e1e9b485ada10_NeikiAnalytics.exe	96
PID 4144 wrote to memory of 1832	4144	14cead38b64e6f2d642e1e9b485ada10_NeikiAnalytics.exe	96
PID 4144 wrote to memory of 1832	4144	14cead38b64e6f2d642e1e9b485ada10_NeikiAnalytics.exe	96
PID 2432 wrote to memory of 2752	2432	Unicorn-6281.exe	97
PID 2432 wrote to memory of 2752	2432	Unicorn-6281.exe	97
PID 2432 wrote to memory of 2752	2432	Unicorn-6281.exe	97
PID 2040 wrote to memory of 464	2040	Unicorn-18058.exe	98
PID 2040 wrote to memory of 464	2040	Unicorn-18058.exe	98
PID 2040 wrote to memory of 464	2040	Unicorn-18058.exe	98
PID 2432 wrote to memory of 820	2432	Unicorn-6281.exe	99
PID 2432 wrote to memory of 820	2432	Unicorn-6281.exe	99
PID 2432 wrote to memory of 820	2432	Unicorn-6281.exe	99
PID 1160 wrote to memory of 2504	1160	Unicorn-28060.exe	100
PID 1160 wrote to memory of 2504	1160	Unicorn-28060.exe	100
PID 1160 wrote to memory of 2504	1160	Unicorn-28060.exe	100
PID 4772 wrote to memory of 4168	4772	Unicorn-51953.exe	101
PID 4772 wrote to memory of 4168	4772	Unicorn-51953.exe	101
PID 4772 wrote to memory of 4168	4772	Unicorn-51953.exe	101
PID 464 wrote to memory of 3848	464	Unicorn-50929.exe	102
PID 464 wrote to memory of 3848	464	Unicorn-50929.exe	102
PID 464 wrote to memory of 3848	464	Unicorn-50929.exe	102
PID 1832 wrote to memory of 4440	1832	Unicorn-60632.exe	103
PID 1832 wrote to memory of 4440	1832	Unicorn-60632.exe	103
PID 1832 wrote to memory of 4440	1832	Unicorn-60632.exe	103
PID 2040 wrote to memory of 2424	2040	Unicorn-18058.exe	104
PID 2040 wrote to memory of 2424	2040	Unicorn-18058.exe	104
PID 2040 wrote to memory of 2424	2040	Unicorn-18058.exe	104
PID 4144 wrote to memory of 3952	4144	14cead38b64e6f2d642e1e9b485ada10_NeikiAnalytics.exe	105
PID 4144 wrote to memory of 3952	4144	14cead38b64e6f2d642e1e9b485ada10_NeikiAnalytics.exe	105
PID 4144 wrote to memory of 3952	4144	14cead38b64e6f2d642e1e9b485ada10_NeikiAnalytics.exe	105
PID 820 wrote to memory of 3924	820	Unicorn-25203.exe	106
PID 820 wrote to memory of 3924	820	Unicorn-25203.exe	106
PID 820 wrote to memory of 3924	820	Unicorn-25203.exe	106
PID 2432 wrote to memory of 3332	2432	Unicorn-6281.exe	107
PID 2432 wrote to memory of 3332	2432	Unicorn-6281.exe	107
PID 2432 wrote to memory of 3332	2432	Unicorn-6281.exe	107
PID 4772 wrote to memory of 5100	4772	Unicorn-51953.exe	108
PID 4772 wrote to memory of 5100	4772	Unicorn-51953.exe	108
PID 4772 wrote to memory of 5100	4772	Unicorn-51953.exe	108
PID 2504 wrote to memory of 3476	2504	Unicorn-57482.exe	109
PID 2504 wrote to memory of 3476	2504	Unicorn-57482.exe	109
PID 2504 wrote to memory of 3476	2504	Unicorn-57482.exe	109
PID 1160 wrote to memory of 1808	1160	Unicorn-28060.exe	110
PID 1160 wrote to memory of 1808	1160	Unicorn-28060.exe	110
PID 1160 wrote to memory of 1808	1160	Unicorn-28060.exe	110
PID 2424 wrote to memory of 4988	2424	Unicorn-34330.exe	111
PID 2424 wrote to memory of 4988	2424	Unicorn-34330.exe	111
PID 2424 wrote to memory of 4988	2424	Unicorn-34330.exe	111
PID 2040 wrote to memory of 2460	2040	Unicorn-18058.exe	112
PID 2040 wrote to memory of 2460	2040	Unicorn-18058.exe	112
PID 2040 wrote to memory of 2460	2040	Unicorn-18058.exe	112
PID 3952 wrote to memory of 4504	3952	Unicorn-40196.exe	113

C:\Users\Admin\AppData\Local\Temp\14cead38b64e6f2d642e1e9b485ada10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\14cead38b64e6f2d642e1e9b485ada10_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18058.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18058.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
      4⤵
      Executes dropped EXE
      PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30410.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53209.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
        8⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
        9⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        10⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        10⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        10⤵
        
        PID:17804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1858.exe
        9⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
        9⤵
        
        PID:13060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        9⤵
        
        PID:17220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
        9⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26519.exe
        8⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17229.exe
        9⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
        9⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        9⤵
        
        PID:18596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
        9⤵
        
        PID:18768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
        8⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14774.exe
        8⤵
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
        8⤵
        
        PID:18940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40773.exe
        7⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52252.exe
        8⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16927.exe
        9⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
        9⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        9⤵
        
        PID:17876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        9⤵
        
        PID:18492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
        8⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32093.exe
        8⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3794.exe
        8⤵
        
        PID:18204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        8⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24620.exe
        7⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        8⤵
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25852.exe
        8⤵
        
        PID:19380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45389.exe
        7⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        7⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        7⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22797.exe
        8⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        8⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        8⤵
        
        PID:18780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        8⤵
        
        PID:19096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
        8⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
        7⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
        7⤵
        
        PID:14736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16668.exe
        7⤵
        
        PID:18708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        7⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
        7⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
        8⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        8⤵
        
        PID:16164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        8⤵
        
        PID:18840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        7⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        7⤵
        
        PID:16328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        7⤵
        
        PID:19400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35329.exe
        6⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44669.exe
        7⤵
        
        PID:13720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63466.exe
        7⤵
        
        PID:18500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe
        7⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23772.exe
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
        6⤵
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61809.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13577.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11422.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33165.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53718.exe
        9⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        9⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44385.exe
        9⤵
        
        PID:17048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26995.exe
        8⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        8⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        8⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        7⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        8⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        8⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        8⤵
        
        PID:17700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20201.exe
        7⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        7⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        7⤵
        
        PID:16396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33517.exe
        7⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47473.exe
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59615.exe
        7⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
        8⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
        8⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12623.exe
        8⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        8⤵
        
        PID:18840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
        7⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
        7⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12623.exe
        7⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        7⤵
        
        PID:18784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40792.exe
        6⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3614.exe
        7⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        7⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
        7⤵
        
        PID:17036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50011.exe
        7⤵
        
        PID:18020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
        6⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49972.exe
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7577.exe
        6⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46935.exe
        6⤵
        
        PID:19232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
        6⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59615.exe
        7⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
        8⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
        8⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14563.exe
        8⤵
        
        PID:16464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        8⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33715.exe
        7⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36752.exe
        7⤵
        
        PID:14180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
        7⤵
        
        PID:18136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27056.exe
        6⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        7⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        7⤵
        
        PID:17796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40731.exe
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        6⤵
        
        PID:17248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
        6⤵
        
        PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35461.exe
        6⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
        6⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        6⤵
        
        PID:14768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
        6⤵
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16118.exe
        5⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53005.exe
        6⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47174.exe
        6⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42398.exe
        6⤵
        
        PID:16428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        6⤵
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
        5⤵
        
        PID:10096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        5⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18673.exe
        5⤵
        
        PID:17820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65421.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18591.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
        7⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14939.exe
        8⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15003.exe
        9⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
        9⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        9⤵
        
        PID:17564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41173.exe
        9⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44093.exe
        8⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        8⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        8⤵
        
        PID:17884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exe
        8⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53891.exe
        7⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19725.exe
        8⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        8⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63466.exe
        8⤵
        
        PID:18480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11326.exe
        8⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
        7⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28231.exe
        7⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
        7⤵
        
        PID:18180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
        6⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        7⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        8⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        8⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        8⤵
        
        PID:17656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        7⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
        7⤵
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32830.exe
        7⤵
        
        PID:16624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18918.exe
        6⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32412.exe
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
        7⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        7⤵
        
        PID:17860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
        6⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
        6⤵
        
        PID:13596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        6⤵
        
        PID:17768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55217.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46477.exe
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        8⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        8⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23840.exe
        8⤵
        
        PID:16780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        8⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12546.exe
        7⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
        7⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        7⤵
        
        PID:17924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25349.exe
        6⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64912.exe
        7⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
        7⤵
        
        PID:19208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61336.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28231.exe
        6⤵
        
        PID:13848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
        6⤵
        
        PID:18104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24986.exe
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
        6⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
        7⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        7⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        7⤵
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50346.exe
        6⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
        6⤵
        
        PID:14920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        6⤵
        
        PID:18736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50071.exe
        6⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3279.exe
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34410.exe
        5⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        5⤵
        
        PID:13348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        5⤵
        
        PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
        7⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
        8⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
        8⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14563.exe
        8⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33715.exe
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48164.exe
        7⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52871.exe
        7⤵
        
        PID:16936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36027.exe
        7⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        6⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        7⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44669.exe
        7⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63466.exe
        7⤵
        
        PID:18060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29767.exe
        6⤵
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
        6⤵
        
        PID:18208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
        6⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exe
        5⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
        7⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
        7⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        7⤵
        
        PID:18692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38213.exe
        7⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25011.exe
        6⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23901.exe
        6⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
        6⤵
        
        PID:18192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
        6⤵
        
        PID:19184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62951.exe
        5⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31053.exe
        6⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18358.exe
        6⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63466.exe
        6⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60354.exe
        6⤵
        
        PID:19372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43076.exe
        5⤵
        
        PID:9756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14838.exe
        5⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44130.exe
        5⤵
        
        PID:18368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57162.exe
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
        6⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
        7⤵
        
        PID:15752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9626.exe
        7⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
        6⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50225.exe
        6⤵
        
        PID:18816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4103.exe
        6⤵
        
        PID:16664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26519.exe
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20447.exe
        6⤵
        
        PID:12528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23030.exe
        6⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
        5⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31603.exe
        5⤵
        
        PID:15312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50711.exe
        5⤵
        
        PID:18872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9846.exe
        5⤵
        
        PID:6236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
        5⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1502.exe
        6⤵
        
        PID:12904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        6⤵
        
        PID:16504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        6⤵
        
        PID:18624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        5⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
        5⤵
        
        PID:15868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16694.exe
        5⤵
        
        PID:18152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16206.exe
      4⤵
      PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
        5⤵
        
        PID:13092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44224.exe
        5⤵
        
        PID:17640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
        5⤵
        
        PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55214.exe
      4⤵
      PID:10476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37774.exe
      4⤵
      PID:15452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50929.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        7⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        7⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11730.exe
        6⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
        6⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
        6⤵
        
        PID:14632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
        6⤵
        
        PID:18768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10917.exe
        6⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37360.exe
        7⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        8⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        8⤵
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        7⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        7⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        7⤵
        
        PID:18488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18576.exe
        7⤵
        
        PID:16736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
        7⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
        7⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
        7⤵
        
        PID:18556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39075.exe
        7⤵
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
        6⤵
        
        PID:13756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        6⤵
        
        PID:18292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4254.exe
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
        7⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21408.exe
        7⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
        7⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49963.exe
        7⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        6⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        6⤵
        
        PID:12548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16307.exe
        6⤵
        
        PID:17184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        5⤵
        
        PID:6832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 492
        6⤵
        Program crash
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35946.exe
        5⤵
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4566.exe
        5⤵
        
        PID:13712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36032.exe
        5⤵
        
        PID:18084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57158.exe
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55903.exe
        7⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
        8⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        8⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        8⤵
        
        PID:18728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2931.exe
        7⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
        7⤵
        
        PID:14384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3794.exe
        7⤵
        
        PID:18188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        7⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        6⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
        6⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        6⤵
        
        PID:15216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        6⤵
        
        PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11730.exe
        5⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
        5⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
        5⤵
        
        PID:14828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
        5⤵
        
        PID:18700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54687.exe
        5⤵
        
        PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19794.exe
      4⤵
      PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        5⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13342.exe
        6⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3510.exe
        6⤵
        
        PID:12992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47006.exe
        6⤵
        
        PID:16996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41496.exe
        6⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29767.exe
        5⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        5⤵
        
        PID:18072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
      4⤵
      PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        5⤵
        
        PID:9428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
        5⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7331.exe
        5⤵
        
        PID:18116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55646.exe
        5⤵
        
        PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
      4⤵
      PID:9796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60687.exe
      4⤵
      PID:13644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
      4⤵
      PID:18024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40162.exe
      4⤵
      PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34330.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10572.exe
        8⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        8⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        8⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11585.exe
        8⤵
        
        PID:18744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31931.exe
        8⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29164.exe
        7⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2694.exe
        7⤵
        
        PID:16968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        7⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32385.exe
        6⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40982.exe
        7⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56762.exe
        7⤵
        
        PID:18364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61617.exe
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        6⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
        6⤵
        
        PID:14876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
        5⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        6⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
        7⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22797.exe
        8⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        8⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        8⤵
        
        PID:18684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        8⤵
        
        PID:19324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        7⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        7⤵
        
        PID:14532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
        7⤵
        
        PID:18632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22245.exe
        7⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1511.exe
        7⤵
        
        PID:16716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        6⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        7⤵
        
        PID:18284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13478.exe
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5126.exe
        6⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
        6⤵
        
        PID:19452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31642.exe
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exe
        6⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
        6⤵
        
        PID:13200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34281.exe
        6⤵
        
        PID:16976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        6⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63693.exe
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        5⤵
        
        PID:13328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        5⤵
        
        PID:17776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        5⤵
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12510.exe
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        7⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        8⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
        8⤵
        
        PID:16636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58206.exe
        7⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        7⤵
        
        PID:15912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53309.exe
        6⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59166.exe
        6⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
        6⤵
        
        PID:15860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48966.exe
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        6⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        6⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        6⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55579.exe
        5⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        5⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49358.exe
        5⤵
        
        PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-172.exe
      4⤵
      PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34637.exe
        6⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        6⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        6⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
        6⤵
        
        PID:18144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10885.exe
        5⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56537.exe
        6⤵
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
        6⤵
        
        PID:16108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
        6⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
        5⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
        5⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        5⤵
        
        PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
      4⤵
      PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10572.exe
        5⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        5⤵
        
        PID:11892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        5⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        5⤵
        
        PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
      4⤵
      PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
      4⤵
      PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41539.exe
      4⤵
      PID:16888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22841.exe
      4⤵
      PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11486.exe
        5⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25257.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        7⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40186.exe
        7⤵
        
        PID:16224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
        6⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2630.exe
        6⤵
        
        PID:14600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16016.exe
        6⤵
        
        PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        5⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10572.exe
        6⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        6⤵
        
        PID:11956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
        6⤵
        
        PID:15384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62405.exe
        6⤵
        
        PID:18660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        6⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
        5⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
        5⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        5⤵
        
        PID:16924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
        5⤵
        
        PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
      4⤵
      PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44874.exe
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41430.exe
        6⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31958.exe
        7⤵
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37956.exe
        7⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        6⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        6⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
        6⤵
        
        PID:18624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29869.exe
        6⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
        5⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        5⤵
        
        PID:11184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        5⤵
        
        PID:15572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
      4⤵
      PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
        5⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        5⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54375.exe
        5⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        5⤵
        
        PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50180.exe
      4⤵
      PID:9764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
      4⤵
      PID:13512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
      4⤵
      PID:17836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32412.exe
        6⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
        6⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        6⤵
        
        PID:17852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        6⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
        5⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        5⤵
        
        PID:13536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        5⤵
        
        PID:17788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        5⤵
        
        PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29463.exe
      4⤵
      PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47583.exe
        5⤵
        
        PID:12240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62717.exe
        5⤵
        
        PID:16236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47108.exe
      4⤵
      PID:8836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54013.exe
      4⤵
      PID:14072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53533.exe
      4⤵
      PID:18128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
    3⤵
    PID:620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64710.exe
        5⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
        5⤵
        
        PID:10188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        5⤵
        
        PID:16140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        5⤵
        
        PID:5628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
      4⤵
      PID:8168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
      4⤵
      PID:11560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24051.exe
      4⤵
      PID:16288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6539.exe
    3⤵
    PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
      4⤵
      PID:9228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
      4⤵
      PID:12344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
      4⤵
      PID:17192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
      4⤵
      PID:18688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
    3⤵
    PID:9212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64978.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64978.exe
    3⤵
    PID:13192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
    3⤵
    PID:17300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51953.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51953.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57482.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34777.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61913.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34189.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        9⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44508.exe
        10⤵
        
        PID:16784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47754.exe
        9⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        9⤵
        
        PID:16416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10885.exe
        8⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
        9⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        9⤵
        
        PID:16184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
        8⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
        8⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
        8⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
        9⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        9⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32892.exe
        8⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
        8⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        8⤵
        
        PID:18976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43818.exe
        8⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4442.exe
        7⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
        7⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
        7⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        7⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4802.exe
        6⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
        7⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
        8⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45184.exe
        8⤵
        
        PID:17676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50741.exe
        8⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
        7⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
        7⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
        7⤵
        
        PID:18040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        6⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41430.exe
        7⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        8⤵
        
        PID:18904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27277.exe
        8⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        7⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        7⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
        7⤵
        
        PID:18616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        7⤵
        
        PID:18552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49963.exe
        7⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
        6⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10392.exe
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
        7⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
        7⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
        6⤵
        
        PID:14512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24258.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        6⤵
        Executes dropped EXE
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
        7⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51935.exe
        8⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27469.exe
        9⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50758.exe
        9⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        9⤵
        
        PID:17868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
        8⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        8⤵
        
        PID:16320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60884.exe
        8⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
        7⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21264.exe
        8⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19132.exe
        8⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
        7⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        7⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        7⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24432.exe
        6⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44697.exe
        8⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45184.exe
        8⤵
        
        PID:17688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
        7⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        7⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        6⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        6⤵
        
        PID:10180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        6⤵
        
        PID:15468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
        6⤵
        
        PID:19364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60982.exe
        6⤵
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        5⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59786.exe
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57414.exe
        7⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32931.exe
        7⤵
        
        PID:18124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46405.exe
        7⤵
        
        PID:19440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
        6⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
        6⤵
        
        PID:13496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28272.exe
        6⤵
        
        PID:17740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
        6⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49820.exe
        7⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41279.exe
        7⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        7⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55286.exe
        7⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        6⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51038.exe
        6⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        6⤵
        
        PID:17308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        5⤵
        
        PID:7328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 492
        6⤵
        Program crash
        
        PID:9684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17875.exe
        5⤵
        
        PID:9656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
        5⤵
        
        PID:14172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46696.exe
        5⤵
        
        PID:18148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34672.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9993.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42457.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        8⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        9⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
        9⤵
        
        PID:15556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
        8⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
        8⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        8⤵
        
        PID:18660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
        8⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
        8⤵
        
        PID:16460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37292.exe
        8⤵
        
        PID:16644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
        7⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
        7⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
        7⤵
        
        PID:18172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
        6⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21264.exe
        7⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
        7⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5758.exe
        7⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1664.exe
        6⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
        6⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16994.exe
        6⤵
        
        PID:18372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27635.exe
        5⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57578.exe
        6⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55187.exe
        7⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51063.exe
        7⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39588.exe
        7⤵
        
        PID:19356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
        7⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        6⤵
        
        PID:14656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16668.exe
        6⤵
        
        PID:18604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11830.exe
        6⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
        5⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        6⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35321.exe
        6⤵
        
        PID:10568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64798.exe
        6⤵
        
        PID:15596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
        5⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56878.exe
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50848.exe
        5⤵
        
        PID:15448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55124.exe
        5⤵
        
        PID:19372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
        5⤵
        
        PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
        5⤵
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30533.exe
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59786.exe
        7⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57414.exe
        7⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63466.exe
        7⤵
        
        PID:18280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
        6⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21494.exe
        6⤵
        
        PID:15020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
        6⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13705.exe
        6⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
        6⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        6⤵
        
        PID:17164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
        6⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
        5⤵
        
        PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
        5⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
        5⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43818.exe
        5⤵
        
        PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
      4⤵
      PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        5⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        6⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        6⤵
        
        PID:16592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14126.exe
        6⤵
        
        PID:16752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
        5⤵
        
        PID:10576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        5⤵
        
        PID:16308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27917.exe
        5⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        5⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        5⤵
        
        PID:14516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
        5⤵
        
        PID:18584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
        5⤵
        
        PID:14868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63718.exe
      4⤵
      PID:7372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11208.exe
      4⤵
      PID:10428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
      4⤵
      PID:14896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
      4⤵
      PID:5832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46470.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57069.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57069.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        6⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        7⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33270.exe
        7⤵
        
        PID:17020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9518.exe
        7⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
        6⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
        6⤵
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16668.exe
        6⤵
        
        PID:18568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe
        6⤵
        
        PID:19416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
        6⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32013.exe
        6⤵
        
        PID:15796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47665.exe
        6⤵
        
        PID:19420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        5⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        5⤵
        
        PID:10660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        5⤵
        
        PID:15484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31129.exe
        5⤵
        
        PID:19432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12467.exe
        5⤵
        
        PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55622.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54495.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
        6⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        6⤵
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
        6⤵
        
        PID:15844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16694.exe
        6⤵
        
        PID:18316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
        5⤵
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        5⤵
        
        PID:11160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        5⤵
        
        PID:16132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57112.exe
      4⤵
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20226.exe
        5⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        5⤵
        
        PID:10832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
        5⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
        5⤵
        
        PID:15972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
      4⤵
      PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
      4⤵
      PID:7452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
      4⤵
      PID:16216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41750.exe
      4⤵
      PID:7092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14912.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1246.exe
        5⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3647.exe
        5⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10572.exe
        6⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        6⤵
        
        PID:16352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        5⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        5⤵
        
        PID:15564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1491.exe
        5⤵
        
        PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40773.exe
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        5⤵
        
        PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
        5⤵
        
        PID:732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32093.exe
        5⤵
        
        PID:13488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
        5⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25325.exe
        5⤵
        
        PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
      4⤵
      PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20038.exe
      4⤵
      PID:10968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48381.exe
      4⤵
      PID:14900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
      4⤵
      PID:19212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
      4⤵
      PID:6800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40107.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
      4⤵
      PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8347.exe
        5⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22797.exe
        6⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        6⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        6⤵
        
        PID:18804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
        6⤵
        
        PID:18812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63365.exe
        6⤵
        
        PID:18504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42893.exe
        5⤵
        
        PID:16120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        5⤵
        
        PID:18552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
      4⤵
      PID:7804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49057.exe
      4⤵
      PID:10584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5126.exe
      4⤵
      PID:15604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
    3⤵
    PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12620.exe
      4⤵
      PID:10620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
      4⤵
      PID:15112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16486.exe
      4⤵
      PID:18928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
    3⤵
    PID:9804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10158.exe
    3⤵
    PID:13360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
    3⤵
    PID:17916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48351.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31391.exe
        6⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12623.exe
        8⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        8⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48828.exe
        8⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        7⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        7⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        7⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        7⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        7⤵
        
        PID:17684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41307.exe
        6⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
        6⤵
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        6⤵
        
        PID:16816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12101.exe
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43917.exe
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33162.exe
        7⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41279.exe
        7⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
        7⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
        7⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
        6⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51038.exe
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        6⤵
        
        PID:17316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58986.exe
        5⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13342.exe
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3510.exe
        6⤵
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47006.exe
        6⤵
        
        PID:17080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
        6⤵
        
        PID:16700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        5⤵
        
        PID:10232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21101.exe
        5⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        5⤵
        
        PID:18012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
        5⤵
        
        PID:4656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 484
        6⤵
        Program crash
        
        PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
        5⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44382.exe
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
        5⤵
        
        PID:15464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44586.exe
      4⤵
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
        7⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        7⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
        7⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57600.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        6⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30445.exe
        6⤵
        
        PID:19192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
        5⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        5⤵
        
        PID:15720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
        5⤵
        
        PID:18480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        5⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        5⤵
        
        PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
        5⤵
        
        PID:18944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
      4⤵
      PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33436.exe
      4⤵
      PID:13076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
      4⤵
      PID:17304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62446.exe
      4⤵
      PID:5356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
      4⤵
      PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
        5⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
        6⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3038.exe
        7⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        7⤵
        
        PID:16588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        7⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8959.exe
        6⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        6⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65448.exe
        6⤵
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        5⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20105.exe
        5⤵
        
        PID:12436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16307.exe
        5⤵
        
        PID:17156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
      4⤵
      PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12047.exe
        5⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37445.exe
        5⤵
        
        PID:14916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
      4⤵
      PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
      4⤵
      PID:14808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
      4⤵
      PID:18644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
      4⤵
      PID:5640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
      4⤵
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        6⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        6⤵
        
        PID:11200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        6⤵
        
        PID:14340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
        6⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        5⤵
        
        PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
        5⤵
        
        PID:12220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12623.exe
        5⤵
        
        PID:15524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34736.exe
      4⤵
      PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
      4⤵
      PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
      4⤵
      PID:13584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28272.exe
      4⤵
      PID:17752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
    3⤵
    PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
      4⤵
      PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-828.exe
        5⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48693.exe
        5⤵
        
        PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
      4⤵
      PID:10728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
      4⤵
      PID:15508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
      4⤵
      PID:19344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
    3⤵
    PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37645.exe
      4⤵
      PID:9296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
      4⤵
      PID:13096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
      4⤵
      PID:17484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
    3⤵
    PID:8680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
    3⤵
    PID:13704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
    3⤵
    PID:18048
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55519.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31391.exe
        5⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11159.exe
        6⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36505.exe
        7⤵
        
        PID:12912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        7⤵
        
        PID:16484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        7⤵
        
        PID:19092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45389.exe
        6⤵
        
        PID:11216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        6⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        6⤵
        
        PID:17988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25980.exe
        6⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        5⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
        6⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44224.exe
        6⤵
        
        PID:17624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35308.exe
        6⤵
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39824.exe
        5⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28272.exe
        5⤵
        
        PID:17892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
      4⤵
      PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
        5⤵
        
        PID:7612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 716
        6⤵
        Program crash
        
        PID:12172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
        5⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6869.exe
        5⤵
        
        PID:14344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        5⤵
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33361.exe
        5⤵
        
        PID:18612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13342.exe
        5⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3510.exe
        5⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47006.exe
        5⤵
        
        PID:17064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50180.exe
      4⤵
      PID:9904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29622.exe
      4⤵
      PID:13412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
      4⤵
      PID:17760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1491.exe
      4⤵
      PID:3488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20229.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
      4⤵
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
        5⤵
        
        PID:7604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 640
        6⤵
        Program crash
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        5⤵
        
        PID:9976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        5⤵
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        5⤵
        
        PID:18032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60035.exe
      4⤵
      PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe
        5⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
        5⤵
        
        PID:12688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54375.exe
        5⤵
        
        PID:16896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52708.exe
      4⤵
      PID:8764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
      4⤵
      PID:13232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
      4⤵
      PID:16824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
    3⤵
    PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60746.exe
      4⤵
      PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
        5⤵
        
        PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
        5⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42058.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55272.exe
        5⤵
        
        PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
      4⤵
      PID:8504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
      4⤵
      PID:12228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12623.exe
      4⤵
      PID:15760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
      4⤵
      PID:18740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32292.exe
      4⤵
      PID:5368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
    3⤵
    PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
      4⤵
      PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe
      4⤵
      PID:12356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24973.exe
      4⤵
      PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
      4⤵
      PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61547.exe
    3⤵
    PID:8344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29471.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29471.exe
    3⤵
    PID:11964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
    3⤵
    PID:16940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57158.exe
    3⤵
    PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
        5⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38224.exe
        6⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
        6⤵
        
        PID:64
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6493.exe
        6⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        5⤵
        
        PID:14524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
        5⤵
        
        PID:18576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28333.exe
        5⤵
        
        PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
      4⤵
      PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8082.exe
        5⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        5⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52341.exe
        5⤵
        
        PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18662.exe
      4⤵
      PID:11128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
      4⤵
      PID:15324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
    3⤵
    PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
      4⤵
      PID:10344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
      4⤵
      PID:14800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
      4⤵
      PID:18672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50180.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50180.exe
    3⤵
    PID:9828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
    3⤵
    PID:13560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
    3⤵
    PID:17844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
    3⤵
    PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56138.exe
      4⤵
      PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29791.exe
        5⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
        5⤵
        
        PID:10960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
        5⤵
        
        PID:14948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13833.exe
        5⤵
        
        PID:19192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        5⤵
        
        PID:18736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5829.exe
      4⤵
      PID:8404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
      4⤵
      PID:12476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16307.exe
      4⤵
      PID:17172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
    3⤵
    PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49820.exe
      4⤵
      PID:7736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41279.exe
      4⤵
      PID:11824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
      4⤵
      PID:16340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
      4⤵
      PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61485.exe
    3⤵
    PID:8212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
    3⤵
    PID:11356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
    3⤵
    PID:16832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
    3⤵
    PID:18748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5689.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5689.exe
  2⤵
  PID:5216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4254.exe
    3⤵
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
      4⤵
      PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
      4⤵
      PID:11284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
      4⤵
      PID:15776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62952.exe
      4⤵
      PID:19376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
    3⤵
    PID:8440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
    3⤵
    PID:12184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
    3⤵
    PID:15504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
    3⤵
    PID:5240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7842.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7842.exe
  2⤵
  PID:6320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
    3⤵
    PID:11664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
    3⤵
    PID:16144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15713.exe
    3⤵
    PID:1596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28692.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28692.exe
  2⤵
  PID:9712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
  2⤵
  PID:13384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43938.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43938.exe
  2⤵
  PID:17904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4656 -ip 4656
1⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6832 -ip 6832
1⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 7328 -ip 7328
1⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7604 -ip 7604
1⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 7612 -ip 7612
1⤵
PID:12144

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:18768

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:19056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe

Filesize
184KB

MD5
b6b891ecf006ff7873ee66852321e72b

SHA1
e3765bac99d3c67648acb3849f4a03508bd552e6

SHA256
457a5792cce92fcfe851a7a95ca2b153bfbe81327199db51002a54334f04316f

SHA512
437a19e77747be818a60358cfff4cb099641dad345f05d4b09dd8bfc1569993b1d0ae28a538070050ee88e2d94c8bfba1f56ed68db3fad4eab8452354b718dbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14912.exe

Filesize
184KB

MD5
ebd47f66e719e2b2e021fbc4e3660aa5

SHA1
8f2018bc292a00e32da56ccb326e0fb6aa7b8485

SHA256
bf3d36b0d3b9731a3c01770ad7c31e3e66f763df8c08b1a1253465122b9aac4d

SHA512
90ef41fcaba9a0649e9d8cacb5da658e7f2f706fe2e2728a92dcbc6bb8ea615a9eb56048a3d4a87b8a61ac5ac6564594497110ffecfdbff4f79d89b3b4bad84f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe

Filesize
184KB

MD5
bbf4713aacad0ca316dc7f73e4e418f1

SHA1
ae6c4f726da635865c5cf5992d59a44b0a873fd1

SHA256
1f65621bf850da20e977a578f981e71a4d96fc7be0feccfda9c4eb3f59063125

SHA512
7226bea7c65da5c6d46ed21122417cb79cf7ecdbd6774f208af4d9dd24eaf73ecf412a41a749416aa85e3bcecf8b660270d084b4b0246866e2deda94fa04a731

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18058.exe

Filesize
184KB

MD5
6196f8fd4075cbac42c692bf9d219039

SHA1
56c8dff9bf7a60357756457ab4e9d5d63b4c85bf

SHA256
bb76c2eebca831140f26a6af63f279622f73e790670cc56b24f0890d9c033c9f

SHA512
c8ea254688854b233fb9da37d93ec637f737d8451378ecdebfa5d75cfe1cd400aee931055e06c08b4a57f8ea8f3b2b2050a231ba7ea3db9382269022db71d6df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe

Filesize
184KB

MD5
c124718610df7be009aab58ae87689bd

SHA1
3440c24b4e701660116385ca5a37fd15c6ae49b4

SHA256
dfb2035f310065e800ff0aa052d69379b86f9e30545dce66d732fa59d4df37bb

SHA512
c7f67330baa7f24b232e5a8f98b7839c002ac69426213509f3a193814c514d79dfee6ced61273984a7ef2300ceade41701f8ee8bdad6adfb8051f3c158804c75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23306.exe

Filesize
184KB

MD5
3ec396c3fc3d3ca33b514e6816261a70

SHA1
f752168adca4d681a10005c547c05077a96c986b

SHA256
eb517fb1151ba75f699dfcbb952f346c8ee8e32f6f8feeb7d5909b92f786b184

SHA512
c083e038ae8d7257fa1237833dac5f763adfe1eb5d027af69aca7c443a043015ef61a6b35c01ac9e4535d1794b0f6fd2f1ade2acb9bc194ed2561bdd1a5ef3a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe

Filesize
184KB

MD5
5e811d1a0f87a3a680cd48509f3cbc7c

SHA1
a3ae309b1f6bec64b953870ed8eb0a3abd17af87

SHA256
7ddad7043b488e690e1c0b7c4cc935ae4db923a58b85ab6a0f343b339290a845

SHA512
c4779c3ee8277e78a22f90cb28799383f6e1618afe1951eeaa558b498ea1eee23f2a3daead933859df0b22dd9c8f783fb683ca90583a856f2c9d144c4bb30431

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe

Filesize
184KB

MD5
50e976cd0354edcbf33cf71221101b5f

SHA1
3d0837dc5fc6f37412eae18c837b6a150f252e2a

SHA256
c7f1b9b724957416ae57b720758d62663b511e6aedd2621c3cd5c8d279ea0abb

SHA512
d4cdbccbd9336ad21cdf01cbe34ca4848a3890e28f1a65080a81a44f20a254f0dcdc69b28217595964d00bf42469ecd1cd8960552f818383d90dbca3f40819bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe

Filesize
184KB

MD5
785297654c1d8f72e711407a5fd9d781

SHA1
cc0708d17f5c5fd1bd9e39f3cc31f751106586df

SHA256
8cedd9d53a4843372447c8497657ccc63270a1e14ae9fb2f479d0dd2ea3b2455

SHA512
9c0478106f7e411933775a91256d1f965c04479645bb86410dd841c221310f029638abbf8926260a50cf008c83f1808bab51d1992c147042c90d2e0560b4036a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe

Filesize
184KB

MD5
7c3ff6e423ab08160ea07ae45c3eed75

SHA1
af53209415025f31e12c2303a0978374c305b9cf

SHA256
bce3eb7022a81be50e28f9732d82ec106bf28ced8e20dff61bbd791c9d2a7917

SHA512
cd12fabf5ef3d2aca5019208e4a58ea37e31b1332c77dbdc3ac2d217ea9e2264dd5c494c18cf95c4799febd3ae18dac48897971b7668259be96b8d005e059051

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe

Filesize
184KB

MD5
a00d78006b088b7dd50efc46b117606a

SHA1
56615c8a096fc1df5a4fa7affcfa4d77b2ae0c9e

SHA256
a463f085ab3b0b226a62a8bda22020e5c8e603dc992fe1b7f8dba5441541aa8a

SHA512
51ad071b80eb9b7447f16707a4fd37b3516178ac9f8003fd627d4eec1ff73b254f5e4e398b09a7bd79949dbeb9f8dad12c691a699ed76bffe54ecabd1f90b343

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe

Filesize
184KB

MD5
4f4b09aefb5d48e2334daab011cf2ab2

SHA1
6aebee763a0b85eeba0d8d98773de8af1a99cd0b

SHA256
4529501c3804cbd4d270cb7b7f4914edeb7484904a1dbe1406a5d0edfc028fd6

SHA512
72f0b5936f3ff99e38c71c7c6e47b60333b53577f43fd4185bf5064499feea7b633ac7cbbb4e6398d2e85d1a64a61bffc2b314e41d99a22c5baad7c9222397e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe

Filesize
184KB

MD5
aaa5faeaa1c1bd685a02def04a2a9b75

SHA1
49f150c1a168a1935ae42b2ee303c3e9d3a2abe5

SHA256
8cd3e369431278a488df697c56f5b7aa86371da592820e598622cf5f65746bc7

SHA512
789dcab34abbc64113e435a32f1e2ffd87c0bb3782147bd8bd0b9e7b3abe75178220d22f7a76e791e8e62d26927144604ac5eb5dc7794c8957cbf3a57e963ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe

Filesize
184KB

MD5
7f28ab3032f9606297b20415a6fe9b4b

SHA1
c49c41c06f7da8128f73b310e9bdf617e2e43ecf

SHA256
11954095ca29eafd9ff69b1dc82b48fe24d410cba9209b1ae8a80d7377688925

SHA512
626c04a0d519f43b4f79f6a8e719f31192f99b0ec1255e8603d01680fc38fb043aaafa39247ee636b4e40248d924baaf0396cd5cca9bd79201c8cfbed9ac04a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30410.exe

Filesize
184KB

MD5
973a5fb42c2de25b0a99643aa7cdc516

SHA1
e151732f1030e388c275aee2050be04ab5975f61

SHA256
c1c9409bd900e746c2d3619196228305ee836f9c4d7a4e4820fdedbfd6b0ae36

SHA512
eb401bf728f6253da1d7159cfb7f66868b43bb7ce8a6e3e9572754598435c88a0e70f9e7ae73c7e79b8afab139b7c915f06452e22474aefe5ca36bfdebad8532

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe

Filesize
184KB

MD5
dc6d263a7408d65fb9060147e17b45ab

SHA1
42570e9e0a8d2d88cbb1c6ace12cb9783bd8a80a

SHA256
9715a2fecba68832f1252b5bb548dfa79050ad23ae00117dd922656c99a15a8b

SHA512
2cb1fb15bfce30fceb535383b05ded065487f5bbdd6bd94d49c0796c15ff185d6a914e04cac208ef94b69bcfc8dc36f2d5dc49b1437d27e84e7bd13354d42dd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34330.exe

Filesize
184KB

MD5
0bfe0aa5c95e0e8ddfb2411bba58d8c7

SHA1
79ea5c3393a8ed0ce460178cd099b2b26d188f18

SHA256
950f826dcc7640e1f3f5d9348b445136136b4a58336dabc4315c269f7bb69b3b

SHA512
b9afab305b7fd022696ba27a3f4b9555d0794c24141a9da76d7f9e03cde67d875088bb2f2354e5cf407a212ec8fa8807049d4e6ddfd3c84c69f6b84ce79e6317

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34672.exe

Filesize
184KB

MD5
511aa9a2ff500027fcf7cb7315d5d9d8

SHA1
cb2279ab2ef4ad66cb79339f1cd2f5be2c6a7c6c

SHA256
254d84af1f12ebbf5348345e804ccaccefa7dafb73c0025c2e2905a435fb4a30

SHA512
7383a51fbb1d3e4bdbd082cd131e4b5100b979a7de09cf84763bc9dcb5cf91cee25988fbb4d921dab6b9e4a8feb112bebf8857f45835d2572254d663de91b988

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34777.exe

Filesize
184KB

MD5
0d1f31b0ac2129f4e93fcc3d466e1fdd

SHA1
de8a9e4a9de6346a8c2cd8279ae71df0a2b45516

SHA256
a0dd2000fe78c0ae3f5a6033e50107043f1a9f733943293956201ebe60fb7c00

SHA512
c0975aeedb5c63bbe080b9b9356c0553e2f6f0d42bbbb26bc94a12c9db57dfb90ae4f5039393ea63f11e5c3a429ceca7adf8334e09d7e3831c50134f95db4ee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40196.exe

Filesize
184KB

MD5
3ac952dcc404e12f832a9d2e0063a6cb

SHA1
0cfd68dfc0f0dd91bde281d0b012a7d68e02a8a5

SHA256
30391b28bb7ee0dd736c37355452a38056832b8db24454c5751108f6de1c53ab

SHA512
3f33b1d28d8a42c612bfa37174b469a4605929a5fe2fbd38740d319bca2d10d4fc37ecb15a3b16e9d69dd1c49667a620bea9d2d3bde7888ea5f4fca72cc962e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe

Filesize
184KB

MD5
55d812ac9b70a4579e4924ae8a18ee9b

SHA1
098e3a6dd900c812239cfb414e209215af586856

SHA256
e57068ee2d8b1cd67a3ae8328a93c42cd270f4119fe95a5eaace3737b6a5a3b3

SHA512
93e4b1222af255f4c860741929fb50b85aad4b85e4017f6de9ea9807aa532bdde3ce12459bdaf43da0c9ce056b89c808403b5d453e78c28a7557358b7d69a223

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe

Filesize
184KB

MD5
b0e414ccf5266a4b579c95cf8d626ea1

SHA1
545cdd850766c77cc33f9d8508a77c44e2aba05e

SHA256
745d5c8d244776ad68dd06578e84dfc02565fcdc9505b9639633cc223661256b

SHA512
5c8ca72f6286902852919a132d0d9fc8cc430273fab421efa6e5f34f6de28de64f82c9852e3eef2ba5958bb23567ea7258bf4d4089192034d8f2d39a2aed9bf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46470.exe

Filesize
184KB

MD5
83755e81f53fe92c44b43e78fc75d07e

SHA1
e2a6df1209fd6f5300977dc10034786c2debf012

SHA256
19e6931aaf6713f784c42dae61232295aeaa7f0ab1d0072215cb5281e3adc806

SHA512
81695e5ff1b138895da05d0ef88dc3b6a8adce4cead9e7f676ac646cf8703d961c01a3b534e465ab13a4f6a7234a4c10d5a9b74e1db6eae9203174352ac62f81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50929.exe

Filesize
184KB

MD5
71a0d545eb8deb818f25e66f86d53e31

SHA1
e49bccea63bf03039de70e79dcf98842bd32e581

SHA256
f87406173197764d0aeadf835edee0a0b7f0e7db9f2fddf4804d3b7b75b7daf6

SHA512
19f3c489f04f01ed6a5b659223f19b6f2eb66644e41f0d006afc96646c032eb9e37ee9d77e3eea6280ed20bb2defe3992751f859c40f4ca49c10b9fd49c68d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51953.exe

Filesize
184KB

MD5
198443f796bb8f94691cc8572bc2d461

SHA1
f660027cb76291b4ad77ed2a9712bcf60e9b5d06

SHA256
3eddd1c38626854b4a707def455b2710a1b393f18a5718917c4de8ccc696cdb7

SHA512
2fbaab97ff88f547cf7c8ee0b4bbd4c628ea12be495a6ba28c094d4290546a59899054b3d79cdfdcdd9aa0c4a9774d8ef3672646db301264abe18e5756f3eabd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe

Filesize
184KB

MD5
210c811ea1db041f0fc49d382d879208

SHA1
6608f1761377f3de2361259794c3155708cb176f

SHA256
7281d1fc1cc5f2cdc4f534450fe0e5c228d19533621e975fa1aeff992b95461a

SHA512
e8a713015a9f8acef3a96332cff5f99736a143fb4ec021e6f86010e4b630dfce1838135de089396f6dbaf138ebc8651f2b862645ba160bffe6ccfe89948f788c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55519.exe

Filesize
184KB

MD5
41635217e17a7333f6199d347c05ea21

SHA1
4f75fc28ee9f4df050161bb15106c1157f6594b6

SHA256
2c3f55a2817210f4632f061c6ec95bcd53ac0c29ce8e7addf0c265fe3ec84550

SHA512
54ff49a50798863c401059f9514c95d92c09738457bfc3fa01a974f10e998002f1b958e12d1615f43643bdb9b0c02ae97f92e63e1e59f48e3748dea7c40efd1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57069.exe

Filesize
184KB

MD5
21b37ce5945163468b6878df665669be

SHA1
b289d507c38bfb59aad3f631d9cdd1708eda15ef

SHA256
f45b9842b1892d3521e0fbe250267f7600e6500a475b9eb998b70a9e186850b4

SHA512
046495e19ea65aee20629551fbbb41a6daa7d92df4331f82636e7362e58b8fe7efaf460aec049dc82f43bf5004faab8f817c2b250c0eb34a1ddca0028490f1ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57482.exe

Filesize
184KB

MD5
bbd9693b9bf5aec0b4564d033dd1a2a8

SHA1
a7ba06c35b403c079f9749d311fa2f7d14ff3f56

SHA256
5d44252d1ebda935ea4dabe88382d2bd26d505d182e114021bb73eedab932445

SHA512
21ab972c031aa62f6b77534fe141a0c84369df46056d3b1aaf023fa071ee4d09bbef85c8b95887c45ca0201c74e394ca7dcd77a9567eab458bba0d68b463c444

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe

Filesize
184KB

MD5
543aee5d0063b5d43c0e8480088a83a6

SHA1
8599e63c00678f4ae022283368be43f272da6eee

SHA256
a60078135fc2a7de5e4b00770b669bcf4d3a17cda7e69cedce857f657c7ed384

SHA512
2ef630372d213014977d5f6eba6c004fdf8dbd62dc719287b34e50cb75d1a9db16ddd8ec9ef1aec79b60ceb811dde4bbceb9eb44226c98be73c6240671c9252e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe

Filesize
184KB

MD5
00d2c3116bc47574b8cc5ea85d8dd586

SHA1
af61bf7dd6093bd2c08651bfb17054edebe4eb04

SHA256
7194eeb9200f825e4e79b4ab9822e35e1349185af7918a5c2cf5108396b1a955

SHA512
86cd265a0b73a257bdcd02aa4bf19ea68542e2d920aad415f58c9093b83ca5614ab8bb309d8cf1fbeb0e2587cd7d2c1432722efe93b273840ea1da531feee908

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61809.exe

Filesize
184KB

MD5
8ea8e11e9092d25b435dd192f83c86c4

SHA1
abe0172103f45ee6c46d96e890e1c654f938cca8

SHA256
05bf043f8943ded7a1b94375163c4220b94d109d1393042158fc5d0c08b961c8

SHA512
e4aaaa20f65ac2de95643879e9f033b484ae38679731301a95e0e921d9cd634e1fe2240e8efc192e2e066a68bc9897315e692d7a7672bfe445cf4a75d8dfaf47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe

Filesize
184KB

MD5
2072c8c1154ec8f3036cd15646601f95

SHA1
c4fca6142d90bb5822547696832f407439c95879

SHA256
2e20144e2692d749701040529a3674401e3350dba2034f0cff3cfc6c23a5c646

SHA512
3c6b4f0c4afb19beab587923d4c5ecec2bbf4916685e81afc9f79a830335b4cbeb28a919e7d4f294a547224c92737b4cda11cc31f0c5dccfdd0c3ad7387a704f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe

Filesize
184KB

MD5
6d58d9699a75710fe938c19bbf15e235

SHA1
fed6281878d0a7960b29ce8c7ac5239d6a564a39

SHA256
fa049e02ebf03f77b7e45dc22b3ebd497cee95149b4c7398fe8a6a231693e778

SHA512
e572d9ceb0cc80bacd93c04a50b6b6353045ec14b902ec6ec8024348cac34d34070cfa90a7011d3074a3d949532f708c18aabcfe5659ec45e9b0e2d1cd2e3e54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe

Filesize
184KB

MD5
223bf2a9e0425486725c6ff45063bc35

SHA1
9c83490618c866634fa8f00f92a05259d7bf7657

SHA256
3f10f90ac1c726a9d7e4da8350220f4878ef6995e49c2b57660e79aa8f2eb953

SHA512
dc2d90b4c788ea6f546f416885373c12899ce00ad3a805ed1721e57bc213be135c09d4339afe979cd51770356b6fedc855789c437cceffd00c59b9582a19ba67

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65421.exe

Filesize
184KB

MD5
914c340ef9d55bb4fcebd28ce903215a

SHA1
52935274f046185dedd606f0f80b0f574d444ffe

SHA256
cd53fd04debb44a29d5bf85fd7156c21a87e058dcad7f5bcfdeec3b9379e944b

SHA512
44922752a0c440ffa03316ffd2f9225a16e4deecbd6e9ed660a05bf4a8ab23f2cf6c26916ec9128dc222db1717838cf0433181127b1daa8a16147def8d7f0360

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7011.exe

Filesize
184KB

MD5
edff2d450a896bf3c169d0fbc9963653

SHA1
f2da3597e85a34088c1af2a28fffdbdb581b14f0

SHA256
f69ed7f8932bde4e30c10422bf89e20053233856691e71e57059b556b5a46584

SHA512
8d4f6d3bf4bc43a99a1b16ab553b67a1b04937f8d3940fdc9ba2d2d2187ca66076f8017bdd1829ee8e67cf065ee1ffd11065b60a14744c3ce555d57396b7875e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8347.exe

Filesize
184KB

MD5
62d1067cff8a417e25c58e35df29aab9

SHA1
45398e90fe368432423870e9fca65f40f424dfb1

SHA256
f6f59c3c370b1a6536a8e63c3c99ef50eb2c236c4f0b4f7a897b8f071bb0b012

SHA512
8a5ab4c18df431fbd69582eeaede40a0d77e4045fc355c08f623e3e1edb6a99de7c4dbeb8cedc2498a93915f21690e76dae5d6977cf7d4f929d1aecdf0d032e9

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads