fe4a69d2f5c203e3860af09b33b1d241a846fdd7b7457ba8ccc8a99c5b8b3499

Analysis

max time kernel
137s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 10:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0b8be1232bf4574f99ac1429d008ad0_NeikiAnalytics.exe
Size

184KB
MD5

a0b8be1232bf4574f99ac1429d008ad0
SHA1

8a58b5de30372ed8aefa54859d1b9abdb9f4fba1
SHA256

fe4a69d2f5c203e3860af09b33b1d241a846fdd7b7457ba8ccc8a99c5b8b3499
SHA512

504a0fc37d2c1e9841c31c7df76abce3c7a07a0250a52ea04a184f94dbf6dd27d6da3f094d5504e293b3c2b9d3fc440db1b11641da534ac423017cff0201959d
SSDEEP

3072:x9Q7QOoga4KZd4XZWiWn8Y7pnlvnqnxiuY:x9mohX4X08OpnlPqnxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2968	Unicorn-5870.exe
3316	Unicorn-17280.exe
3008	Unicorn-37377.exe
4396	Unicorn-23476.exe
3860	Unicorn-19392.exe
4260	Unicorn-65063.exe
832	Unicorn-53225.exe
2448	Unicorn-10751.exe
2388	Unicorn-22681.exe
4464	Unicorn-14643.exe
3668	Unicorn-40309.exe
4112	Unicorn-46439.exe
1572	Unicorn-46439.exe
2356	Unicorn-22489.exe
1568	Unicorn-42090.exe
4248	Unicorn-56911.exe
4768	Unicorn-32961.exe
4060	Unicorn-49620.exe
3156	Unicorn-10625.exe
3488	Unicorn-17908.exe
4852	Unicorn-17908.exe
1208	Unicorn-53787.exe
2244	Unicorn-58940.exe
4468	Unicorn-44450.exe
4456	Unicorn-30714.exe
1584	Unicorn-46231.exe
5088	Unicorn-7908.exe
4056	Unicorn-62510.exe
4116	Unicorn-59023.exe
1076	Unicorn-31866.exe
4408	Unicorn-17991.exe
640	Unicorn-51218.exe
1416	Unicorn-59900.exe
2464	Unicorn-39490.exe
1888	Unicorn-36225.exe
1788	Unicorn-36225.exe
448	Unicorn-9805.exe
2044	Unicorn-60860.exe
1656	Unicorn-7061.exe
3556	Unicorn-8544.exe
2420	Unicorn-11898.exe
4384	Unicorn-50279.exe
2712	Unicorn-37088.exe
2884	Unicorn-8042.exe
3200	Unicorn-8307.exe
3652	Unicorn-8307.exe
2432	Unicorn-48271.exe
3220	Unicorn-34849.exe
872	Unicorn-32049.exe
4648	Unicorn-27659.exe
1836	Unicorn-7238.exe
3536	Unicorn-62147.exe
4560	Unicorn-43225.exe
3468	Unicorn-30765.exe
4920	Unicorn-17030.exe
2024	Unicorn-8006.exe
2032	Unicorn-49594.exe
4540	Unicorn-42023.exe
2424	Unicorn-13242.exe
4636	Unicorn-42385.exe
4968	Unicorn-36578.exe
3244	Unicorn-49807.exe
3460	Unicorn-5759.exe
4816	Unicorn-45723.exe

Program crash 15 IoCs

pid	pid_target	Process	procid_target
1944	4768	WerFault.exe	107
7876	7868	WerFault.exe	329
8520	6196	WerFault.exe	250
11208	10236	WerFault.exe	483
10148	10020	WerFault.exe	485
9644	10040	WerFault.exe	486
9176	9180	WerFault.exe	484
3896	13956	WerFault.exe	704
14436	13972	WerFault.exe	702
14936	14040	WerFault.exe	710
14756	14032	WerFault.exe	709
18656	18344	Process not Found	1027
11840	5604	Process not Found	994
18824	5532	Process not Found	980
11316	18192	Process not Found	1088

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
6536	svchost.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5344	dwm.exe
Token: SeChangeNotifyPrivilege	5344	dwm.exe
Token: 33	5344	dwm.exe
Token: SeIncBasePriorityPrivilege	5344	dwm.exe
Token: SeCreateGlobalPrivilege	8244	Process not Found
Token: SeChangeNotifyPrivilege	8244	Process not Found
Token: 33	8244	Process not Found
Token: SeIncBasePriorityPrivilege	8244	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4868	a0b8be1232bf4574f99ac1429d008ad0_NeikiAnalytics.exe
2968	Unicorn-5870.exe
3316	Unicorn-17280.exe
3008	Unicorn-37377.exe
4396	Unicorn-23476.exe
4260	Unicorn-65063.exe
3860	Unicorn-19392.exe
832	Unicorn-53225.exe
2448	Unicorn-10751.exe
2388	Unicorn-22681.exe
4464	Unicorn-14643.exe
3668	Unicorn-40309.exe
4112	Unicorn-46439.exe
2356	Unicorn-22489.exe
1572	Unicorn-46439.exe
1568	Unicorn-42090.exe
4248	Unicorn-56911.exe
4768	Unicorn-32961.exe
4060	Unicorn-49620.exe
3156	Unicorn-10625.exe
4852	Unicorn-17908.exe
3488	Unicorn-17908.exe
2244	Unicorn-58940.exe
1208	Unicorn-53787.exe
4468	Unicorn-44450.exe
4456	Unicorn-30714.exe
1584	Unicorn-46231.exe
4056	Unicorn-62510.exe
5088	Unicorn-7908.exe
4116	Unicorn-59023.exe
1076	Unicorn-31866.exe
4408	Unicorn-17991.exe
640	Unicorn-51218.exe
1416	Unicorn-59900.exe
2464	Unicorn-39490.exe
1788	Unicorn-36225.exe
1888	Unicorn-36225.exe
448	Unicorn-9805.exe
2044	Unicorn-60860.exe
1656	Unicorn-7061.exe
3556	Unicorn-8544.exe
2420	Unicorn-11898.exe
4384	Unicorn-50279.exe
2712	Unicorn-37088.exe
2884	Unicorn-8042.exe
3652	Unicorn-8307.exe
3200	Unicorn-8307.exe
872	Unicorn-32049.exe
4648	Unicorn-27659.exe
3220	Unicorn-34849.exe
3536	Unicorn-62147.exe
4560	Unicorn-43225.exe
4920	Unicorn-17030.exe
2432	Unicorn-48271.exe
1836	Unicorn-7238.exe
3468	Unicorn-30765.exe
2032	Unicorn-49594.exe
2024	Unicorn-8006.exe
4540	Unicorn-42023.exe
2424	Unicorn-13242.exe
4636	Unicorn-42385.exe
4968	Unicorn-36578.exe
4816	Unicorn-45723.exe
3460	Unicorn-5759.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 2968	4868	a0b8be1232bf4574f99ac1429d008ad0_NeikiAnalytics.exe	88
PID 4868 wrote to memory of 2968	4868	a0b8be1232bf4574f99ac1429d008ad0_NeikiAnalytics.exe	88
PID 4868 wrote to memory of 2968	4868	a0b8be1232bf4574f99ac1429d008ad0_NeikiAnalytics.exe	88
PID 2968 wrote to memory of 3316	2968	Unicorn-5870.exe	90
PID 2968 wrote to memory of 3316	2968	Unicorn-5870.exe	90
PID 2968 wrote to memory of 3316	2968	Unicorn-5870.exe	90
PID 4868 wrote to memory of 3008	4868	a0b8be1232bf4574f99ac1429d008ad0_NeikiAnalytics.exe	91
PID 4868 wrote to memory of 3008	4868	a0b8be1232bf4574f99ac1429d008ad0_NeikiAnalytics.exe	91
PID 4868 wrote to memory of 3008	4868	a0b8be1232bf4574f99ac1429d008ad0_NeikiAnalytics.exe	91
PID 3316 wrote to memory of 4396	3316	Unicorn-17280.exe	94
PID 3316 wrote to memory of 4396	3316	Unicorn-17280.exe	94
PID 3316 wrote to memory of 4396	3316	Unicorn-17280.exe	94
PID 2968 wrote to memory of 4260	2968	Unicorn-5870.exe	96
PID 2968 wrote to memory of 4260	2968	Unicorn-5870.exe	96
PID 2968 wrote to memory of 4260	2968	Unicorn-5870.exe	96
PID 3008 wrote to memory of 3860	3008	Unicorn-37377.exe	95
PID 3008 wrote to memory of 3860	3008	Unicorn-37377.exe	95
PID 3008 wrote to memory of 3860	3008	Unicorn-37377.exe	95
PID 4868 wrote to memory of 832	4868	a0b8be1232bf4574f99ac1429d008ad0_NeikiAnalytics.exe	97
PID 4868 wrote to memory of 832	4868	a0b8be1232bf4574f99ac1429d008ad0_NeikiAnalytics.exe	97
PID 4868 wrote to memory of 832	4868	a0b8be1232bf4574f99ac1429d008ad0_NeikiAnalytics.exe	97
PID 4396 wrote to memory of 2448	4396	Unicorn-23476.exe	98
PID 4396 wrote to memory of 2448	4396	Unicorn-23476.exe	98
PID 4396 wrote to memory of 2448	4396	Unicorn-23476.exe	98
PID 3316 wrote to memory of 2388	3316	Unicorn-17280.exe	99
PID 3316 wrote to memory of 2388	3316	Unicorn-17280.exe	99
PID 3316 wrote to memory of 2388	3316	Unicorn-17280.exe	99
PID 4260 wrote to memory of 4464	4260	Unicorn-65063.exe	100
PID 4260 wrote to memory of 4464	4260	Unicorn-65063.exe	100
PID 4260 wrote to memory of 4464	4260	Unicorn-65063.exe	100
PID 2968 wrote to memory of 3668	2968	Unicorn-5870.exe	101
PID 2968 wrote to memory of 3668	2968	Unicorn-5870.exe	101
PID 2968 wrote to memory of 3668	2968	Unicorn-5870.exe	101
PID 3860 wrote to memory of 4112	3860	Unicorn-19392.exe	103
PID 3860 wrote to memory of 4112	3860	Unicorn-19392.exe	103
PID 3860 wrote to memory of 4112	3860	Unicorn-19392.exe	103
PID 832 wrote to memory of 1572	832	Unicorn-53225.exe	102
PID 832 wrote to memory of 1572	832	Unicorn-53225.exe	102
PID 832 wrote to memory of 1572	832	Unicorn-53225.exe	102
PID 3008 wrote to memory of 2356	3008	Unicorn-37377.exe	104
PID 3008 wrote to memory of 2356	3008	Unicorn-37377.exe	104
PID 3008 wrote to memory of 2356	3008	Unicorn-37377.exe	104
PID 4868 wrote to memory of 1568	4868	a0b8be1232bf4574f99ac1429d008ad0_NeikiAnalytics.exe	105
PID 4868 wrote to memory of 1568	4868	a0b8be1232bf4574f99ac1429d008ad0_NeikiAnalytics.exe	105
PID 4868 wrote to memory of 1568	4868	a0b8be1232bf4574f99ac1429d008ad0_NeikiAnalytics.exe	105
PID 2448 wrote to memory of 4248	2448	Unicorn-10751.exe	106
PID 2448 wrote to memory of 4248	2448	Unicorn-10751.exe	106
PID 2448 wrote to memory of 4248	2448	Unicorn-10751.exe	106
PID 4396 wrote to memory of 4768	4396	Unicorn-23476.exe	107
PID 4396 wrote to memory of 4768	4396	Unicorn-23476.exe	107
PID 4396 wrote to memory of 4768	4396	Unicorn-23476.exe	107
PID 2388 wrote to memory of 4060	2388	Unicorn-22681.exe	108
PID 2388 wrote to memory of 4060	2388	Unicorn-22681.exe	108
PID 2388 wrote to memory of 4060	2388	Unicorn-22681.exe	108
PID 3316 wrote to memory of 3156	3316	Unicorn-17280.exe	110
PID 3316 wrote to memory of 3156	3316	Unicorn-17280.exe	110
PID 3316 wrote to memory of 3156	3316	Unicorn-17280.exe	110
PID 4464 wrote to memory of 3488	4464	Unicorn-14643.exe	114
PID 2356 wrote to memory of 4852	2356	Unicorn-22489.exe	113
PID 2356 wrote to memory of 4852	2356	Unicorn-22489.exe	113
PID 2356 wrote to memory of 4852	2356	Unicorn-22489.exe	113
PID 4464 wrote to memory of 3488	4464	Unicorn-14643.exe	114
PID 4464 wrote to memory of 3488	4464	Unicorn-14643.exe	114
PID 1572 wrote to memory of 1208	1572	Unicorn-46439.exe	115

C:\Users\Admin\AppData\Local\Temp\a0b8be1232bf4574f99ac1429d008ad0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a0b8be1232bf4574f99ac1429d008ad0_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5870.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5870.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17280.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        9⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        10⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        10⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        10⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28918.exe
        10⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9381.exe
        10⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
        9⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
        9⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
        9⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
        8⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        9⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        9⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 472
        10⤵
        Program crash
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45053.exe
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        9⤵
        
        PID:16544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        9⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        8⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8324.exe
        8⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
        8⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        8⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
        9⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40000.exe
        10⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2898.exe
        10⤵
        
        PID:15560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
        9⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
        9⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        9⤵
        
        PID:15896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        9⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        8⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42696.exe
        9⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
        8⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
        8⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7860.exe
        8⤵
        
        PID:18104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        7⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        8⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        9⤵
        
        PID:14044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
        9⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56914.exe
        9⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
        8⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11181.exe
        8⤵
        
        PID:15824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        7⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
        7⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15502.exe
        7⤵
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53725.exe
        7⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42023.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        8⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38375.exe
        9⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-793.exe
        9⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        9⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
        9⤵
        
        PID:15592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8229.exe
        9⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25930.exe
        8⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26552.exe
        9⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16640.exe
        8⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
        8⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        8⤵
        
        PID:17684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        8⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        8⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        8⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        8⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        8⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63433.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50102.exe
        7⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13458.exe
        7⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
        8⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15650.exe
        8⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
        8⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe
        7⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        7⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        7⤵
        
        PID:17560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38546.exe
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
        7⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
        7⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44647.exe
        7⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        6⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28856.exe
        7⤵
        
        PID:16548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
        6⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55292.exe
        6⤵
        
        PID:16292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7623.exe
        6⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4768
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 464
        6⤵
        Program crash
        
        PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        6⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
        8⤵
        
        PID:14432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64314.exe
        8⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50274.exe
        7⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        7⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        7⤵
        
        PID:16572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17357.exe
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        7⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
        7⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12528.exe
        7⤵
        
        PID:16108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        7⤵
        
        PID:7180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46926.exe
        6⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
        6⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
        6⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        5⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
        7⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65059.exe
        7⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38782.exe
        7⤵
        
        PID:17212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20760.exe
        7⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        6⤵
        
        PID:8476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        6⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24507.exe
        6⤵
        
        PID:16536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        6⤵
        
        PID:15976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
        5⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        6⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35378.exe
        6⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56563.exe
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
        5⤵
        
        PID:12560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        5⤵
        
        PID:16664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22516.exe
        5⤵
        
        PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17991.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13242.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        8⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
        9⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        10⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        9⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8244.exe
        9⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16525.exe
        9⤵
        
        PID:18088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        8⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51965.exe
        8⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
        8⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3645.exe
        8⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        7⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        8⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        8⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        8⤵
        
        PID:14032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14032 -s 176
        9⤵
        Program crash
        
        PID:14756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        8⤵
        
        PID:17320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21249.exe
        8⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50672.exe
        8⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42301.exe
        8⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49003.exe
        7⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
        7⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54151.exe
        7⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42385.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        8⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15650.exe
        8⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
        8⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        8⤵
        
        PID:17400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        8⤵
        
        PID:18172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32008.exe
        7⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60183.exe
        7⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
        7⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57870.exe
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        7⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        8⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
        8⤵
        
        PID:15416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
        8⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8961.exe
        7⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        7⤵
        
        PID:13972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13972 -s 176
        8⤵
        Program crash
        
        PID:14436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        7⤵
        
        PID:16488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        7⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8049.exe
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
        6⤵
        
        PID:15016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
        6⤵
        
        PID:17984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
        6⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51218.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44218.exe
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26004.exe
        8⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33621.exe
        8⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        8⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25037.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        7⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        7⤵
        
        PID:16508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        6⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31764.exe
        7⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62926.exe
        7⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exe
        7⤵
        
        PID:15192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
        7⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
        6⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
        6⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
        6⤵
        
        PID:15972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13458.exe
        6⤵
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
        5⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        7⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28918.exe
        7⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42246.exe
        7⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42157.exe
        6⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43138.exe
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55635.exe
        6⤵
        
        PID:14392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12114.exe
        6⤵
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        6⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49114.exe
        6⤵
        
        PID:16412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
        5⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
        5⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13766.exe
        5⤵
        
        PID:15928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        5⤵
        
        PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59900.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        7⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
        8⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        9⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58930.exe
        8⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
        9⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25856.exe
        9⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        8⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28918.exe
        8⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24565.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14441.exe
        7⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        7⤵
        
        PID:15376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48878.exe
        6⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21399.exe
        8⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        7⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        7⤵
        
        PID:17444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
        7⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
        6⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11181.exe
        6⤵
        
        PID:15620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
        5⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52687.exe
        6⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        7⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23264.exe
        8⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        8⤵
        
        PID:13600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        8⤵
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41373.exe
        8⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5946.exe
        7⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
        7⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        7⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        7⤵
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61810.exe
        6⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
        6⤵
        
        PID:14960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30140.exe
        6⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36381.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
        6⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38509.exe
        6⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35563.exe
        7⤵
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        6⤵
        
        PID:14096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
        6⤵
        
        PID:15452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
        6⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
        5⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48013.exe
        5⤵
        
        PID:10704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
        5⤵
        
        PID:14888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61400.exe
        5⤵
        
        PID:17668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        5⤵
        
        PID:7068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        5⤵
        Executes dropped EXE
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        8⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
        8⤵
        
        PID:15608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19280.exe
        8⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8961.exe
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        7⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
        7⤵
        
        PID:14648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16480.exe
        7⤵
        
        PID:17652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61810.exe
        6⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
        6⤵
        
        PID:14980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
        6⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62848.exe
        6⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        6⤵
        
        PID:12200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        6⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23326.exe
        5⤵
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15864.exe
        5⤵
        
        PID:12608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
        5⤵
        
        PID:16700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24878.exe
        5⤵
        
        PID:16764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29501.exe
      4⤵
      PID:400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59184.exe
        5⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
        6⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1369.exe
        6⤵
        
        PID:10796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        6⤵
        
        PID:13956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13956 -s 212
        7⤵
        Program crash
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        6⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
        6⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
        5⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
        5⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54566.exe
        5⤵
        
        PID:14400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        5⤵
        
        PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        5⤵
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
        5⤵
        
        PID:15984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54832.exe
      4⤵
      PID:8324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42912.exe
      4⤵
      PID:11444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52437.exe
      4⤵
      PID:15912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14643.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11898.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
        8⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        9⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        9⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48570.exe
        9⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58774.exe
        9⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
        8⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11124.exe
        8⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        8⤵
        
        PID:15572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31764.exe
        8⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50482.exe
        8⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42705.exe
        8⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36298.exe
        7⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        7⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        7⤵
        
        PID:16468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
        6⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26402.exe
        7⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe
        8⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63754.exe
        8⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28709.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        7⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18053.exe
        7⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54039.exe
        7⤵
        
        PID:17924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43544.exe
        7⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19032.exe
        6⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51603.exe
        7⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        7⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39254.exe
        7⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30107.exe
        7⤵
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
        6⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        6⤵
        
        PID:12576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
        6⤵
        
        PID:16652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50279.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
        6⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
        7⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        7⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
        8⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
        8⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        8⤵
        
        PID:17428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        8⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        7⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39735.exe
        7⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        7⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
        6⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50538.exe
        7⤵
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        6⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18120.exe
        7⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53310.exe
        6⤵
        
        PID:12888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50858.exe
        6⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13801.exe
        5⤵
        
        PID:676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35988.exe
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        7⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24026.exe
        7⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38782.exe
        7⤵
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        7⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50658.exe
        6⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
        6⤵
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53558.exe
        6⤵
        
        PID:16776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38027.exe
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
        6⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        6⤵
        
        PID:13972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        6⤵
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2216.exe
        5⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
        6⤵
        
        PID:14768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64205.exe
        6⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        5⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe
        5⤵
        
        PID:16820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
        5⤵
        
        PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30714.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15546.exe
        6⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30643.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50259.exe
        8⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10658.exe
        8⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
        8⤵
        
        PID:17224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
        8⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        7⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        7⤵
        
        PID:15552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        7⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        6⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
        7⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        7⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9892.exe
        7⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        7⤵
        
        PID:16816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31453.exe
        6⤵
        
        PID:13784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19446.exe
        6⤵
        
        PID:17184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11825.exe
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63772.exe
        7⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        7⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
        7⤵
        
        PID:15960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        7⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19873.exe
        6⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
        6⤵
        
        PID:13520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        6⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        6⤵
        
        PID:11696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1834.exe
        6⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        5⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54505.exe
        5⤵
        
        PID:9988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19446.exe
        5⤵
        
        PID:17220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64659.exe
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        7⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        7⤵
        
        PID:17412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        6⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        6⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        6⤵
        
        PID:15396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        6⤵
        
        PID:15388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38545.exe
        5⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
        6⤵
        
        PID:13244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        6⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        5⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        5⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        5⤵
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
        5⤵
        
        PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4934.exe
        5⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
        6⤵
        
        PID:11456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        6⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49157.exe
        6⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
        5⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        5⤵
        
        PID:17452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
      4⤵
      PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63418.exe
      4⤵
      PID:9624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
      4⤵
      PID:14664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39869.exe
      4⤵
      PID:17660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
      4⤵
      PID:6444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56283.exe
        5⤵
        
        PID:212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21852.exe
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
        7⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        8⤵
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        8⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
        8⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8961.exe
        7⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        7⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
        7⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        7⤵
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        6⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 448
        7⤵
        Program crash
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        6⤵
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        6⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37578.exe
        6⤵
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
        6⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
        6⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        6⤵
        
        PID:14884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
        6⤵
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        5⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        5⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
        5⤵
        
        PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44924.exe
        6⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
        7⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
        7⤵
        
        PID:12068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        7⤵
        
        PID:16336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        7⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        6⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24393.exe
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
        6⤵
        
        PID:16352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36331.exe
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        6⤵
        
        PID:14900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
        6⤵
        
        PID:17676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        5⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
        5⤵
        
        PID:13296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
        5⤵
        
        PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
        5⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44647.exe
        5⤵
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        5⤵
        
        PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6205.exe
      4⤵
      PID:7348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
      4⤵
      PID:10880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
      4⤵
      PID:14316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
      4⤵
      PID:14040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46231.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43943.exe
        5⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56299.exe
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        7⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        7⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        7⤵
        
        PID:16128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20760.exe
        7⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        6⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        6⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        6⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37969.exe
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
        6⤵
        
        PID:14180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        6⤵
        
        PID:17484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
        6⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        5⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
        5⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46314.exe
        5⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
        5⤵
        
        PID:18192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22022.exe
      4⤵
      PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40347.exe
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
        6⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11181.exe
        6⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13074.exe
        6⤵
        
        PID:17696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57010.exe
        5⤵
        
        PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        5⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22499.exe
        5⤵
        
        PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32161.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        5⤵
        
        PID:12800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
        5⤵
        
        PID:16920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
        5⤵
        
        PID:8172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4520.exe
      4⤵
      PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60694.exe
      4⤵
      PID:13912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
      4⤵
      PID:17244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
      4⤵
      PID:7532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19631.exe
      4⤵
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7674.exe
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22713.exe
        6⤵
        
        PID:13796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
        6⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57010.exe
        5⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8982.exe
        5⤵
        
        PID:13940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        5⤵
        
        PID:17420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
        5⤵
        
        PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
      4⤵
      PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54592.exe
        5⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        5⤵
        
        PID:10988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
        5⤵
        
        PID:15108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45306.exe
        5⤵
        
        PID:18036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
        5⤵
        
        PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46625.exe
      4⤵
      PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
      4⤵
      PID:14072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7092.exe
      4⤵
      PID:16844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
    3⤵
    PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        5⤵
        
        PID:15424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        5⤵
        
        PID:7588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
      4⤵
      PID:9404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
      4⤵
      PID:12428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
      4⤵
      PID:17300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
      4⤵
      PID:17172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35019.exe
    3⤵
    PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
      4⤵
      PID:14212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
    3⤵
    PID:10676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
    3⤵
    PID:13768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
    3⤵
    PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
    3⤵
    PID:7584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19392.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37363.exe
        6⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        8⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 464
        9⤵
        Program crash
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
        8⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54979.exe
        8⤵
        
        PID:17296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
        8⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
        7⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
        7⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        7⤵
        
        PID:17708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29927.exe
        7⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
        7⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50730.exe
        7⤵
        
        PID:13896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        7⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34268.exe
        6⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
        6⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        6⤵
        
        PID:16100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
        6⤵
        
        PID:18344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        5⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53647.exe
        6⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
        7⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        8⤵
        
        PID:15400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6848.exe
        7⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        7⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        7⤵
        
        PID:17916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        6⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        6⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        6⤵
        
        PID:16372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
        6⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20631.exe
        7⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
        7⤵
        
        PID:17632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        6⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 464
        7⤵
        Program crash
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46122.exe
        6⤵
        
        PID:12020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8929.exe
        6⤵
        
        PID:18128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7208.exe
        5⤵
        
        PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        5⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        5⤵
        
        PID:14928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        5⤵
        
        PID:17960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48271.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        6⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12298.exe
        8⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        8⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        8⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
        7⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8929.exe
        7⤵
        
        PID:18136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
        7⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
        6⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17133.exe
        6⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        6⤵
        
        PID:13964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        6⤵
        
        PID:16456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25613.exe
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        6⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        6⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 464
        7⤵
        Program crash
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
        6⤵
        
        PID:14040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14040 -s 176
        7⤵
        Program crash
        
        PID:14936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        6⤵
        
        PID:17500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        6⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
        5⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55436.exe
        6⤵
        
        PID:16448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        5⤵
        
        PID:10668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
        5⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
        5⤵
        
        PID:18080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53466.exe
        5⤵
        
        PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34849.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8063.exe
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        6⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
        7⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
        7⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        7⤵
        
        PID:16280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25037.exe
        7⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19873.exe
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
        6⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        6⤵
        
        PID:16604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
        6⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        5⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
        6⤵
        
        PID:9664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33621.exe
        6⤵
        
        PID:14216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
        6⤵
        
        PID:17700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43819.exe
        5⤵
        
        PID:13176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        5⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
        5⤵
        
        PID:17656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32386.exe
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40347.exe
        5⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32335.exe
        6⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42754.exe
        6⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16480.exe
        6⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
        5⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        5⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22499.exe
        5⤵
        
        PID:15600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        5⤵
        
        PID:15172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61157.exe
      4⤵
      PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
        5⤵
        
        PID:10064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34881.exe
      4⤵
      PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43468.exe
      4⤵
      PID:12624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24389.exe
      4⤵
      PID:16828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60860.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        6⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        7⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62848.exe
        8⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        8⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11952.exe
        8⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30491.exe
        8⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        7⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
        7⤵
        
        PID:15988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        6⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        7⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
        7⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        7⤵
        
        PID:17460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62971.exe
        7⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46926.exe
        6⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29922.exe
        6⤵
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53558.exe
        6⤵
        
        PID:16784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
        6⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-66.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-66.exe
        5⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55339.exe
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37275.exe
        7⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        7⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        7⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        7⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        6⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
        6⤵
        
        PID:15900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        6⤵
        
        PID:17724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe
        5⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        6⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11536.exe
        5⤵
        
        PID:10368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28021.exe
        5⤵
        
        PID:13132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        5⤵
        
        PID:17256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46299.exe
        5⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
        7⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
        7⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44647.exe
        7⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        6⤵
        
        PID:15628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24565.exe
        6⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
        6⤵
        
        PID:16848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
        6⤵
        
        PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28562.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
        5⤵
        
        PID:13712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53079.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        5⤵
        
        PID:7344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
      4⤵
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62703.exe
        6⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
        6⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
        6⤵
        
        PID:16912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
        5⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        5⤵
        
        PID:12492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        5⤵
        
        PID:16564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
        5⤵
        
        PID:18180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46387.exe
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        5⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        5⤵
        
        PID:16592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10576.exe
      4⤵
      PID:8980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13465.exe
      4⤵
      PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
      4⤵
      PID:17392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44450.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26402.exe
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        7⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        7⤵
        
        PID:14228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        7⤵
        
        PID:17436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        7⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        6⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
        7⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-317.exe
        6⤵
        
        PID:13868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53079.exe
        6⤵
        
        PID:17492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        5⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62924.exe
        6⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        5⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53310.exe
        5⤵
        
        PID:12568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        5⤵
        
        PID:16608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
      4⤵
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
        6⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
        6⤵
        
        PID:12032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57562.exe
        6⤵
        
        PID:16300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28929.exe
        6⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30969.exe
        5⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        5⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        5⤵
        
        PID:16516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52281.exe
      4⤵
      PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
        5⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        5⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        5⤵
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
      4⤵
      PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
      4⤵
      PID:14280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53079.exe
      4⤵
      PID:14032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8042.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
      4⤵
      PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40347.exe
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25127.exe
        6⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2018.exe
        6⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        6⤵
        
        PID:14652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
        5⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        5⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        5⤵
        
        PID:17332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19629.exe
      4⤵
      PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62007.exe
      4⤵
      PID:8176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30088.exe
      4⤵
      PID:12276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
      4⤵
      PID:15580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54644.exe
      4⤵
      PID:6616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
    3⤵
    PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
        5⤵
        
        PID:12164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
        5⤵
        
        PID:15408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19280.exe
        5⤵
        
        PID:6584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
      4⤵
      PID:7092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
      4⤵
      PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
      4⤵
      PID:18164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
      4⤵
      PID:2396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17953.exe
    3⤵
    PID:7280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
    3⤵
    PID:10696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56228.exe
    3⤵
    PID:13748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43278.exe
    3⤵
    PID:3596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53225.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53225.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27659.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
        6⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        7⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
        8⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        8⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45053.exe
        7⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        7⤵
        
        PID:17948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
        7⤵
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
        6⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
        6⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        6⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        6⤵
        
        PID:17540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        6⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-341.exe
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        6⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58567.exe
        6⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        6⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        6⤵
        
        PID:17976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
        6⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32924.exe
        5⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
        5⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18908.exe
        5⤵
        
        PID:15140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
        5⤵
        
        PID:6680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62147.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64363.exe
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31190.exe
        7⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60998.exe
        7⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57010.exe
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        6⤵
        
        PID:11848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44647.exe
        6⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
        6⤵
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59926.exe
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
        6⤵
        
        PID:11044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        6⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        6⤵
        
        PID:17468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19873.exe
        5⤵
        
        PID:9412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        5⤵
        
        PID:17508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57013.exe
        5⤵
        
        PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        5⤵
        
        PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37077.exe
        5⤵
        
        PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        5⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        5⤵
        
        PID:18176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
      4⤵
      PID:8156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5309.exe
      4⤵
      PID:11368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2373.exe
      4⤵
      PID:14740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9805.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
      4⤵
      PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30643.exe
        5⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37275.exe
        6⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        6⤵
        
        PID:15444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62971.exe
        6⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34808.exe
        5⤵
        
        PID:11844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        5⤵
        
        PID:15536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        5⤵
        
        PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
      4⤵
      PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
        5⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
        5⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
        5⤵
        
        PID:17716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
        5⤵
        
        PID:7596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46625.exe
      4⤵
      PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
      4⤵
      PID:14192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
      4⤵
      PID:17240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
      4⤵
      PID:6452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
    3⤵
    PID:868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8530.exe
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
        5⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
        6⤵
        
        PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28525.exe
        5⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49770.exe
        5⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21825.exe
        5⤵
        
        PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23819.exe
      4⤵
      PID:9444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30000.exe
      4⤵
      PID:13160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19446.exe
      4⤵
      PID:17200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
    3⤵
    PID:6196
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 628
      4⤵
      Program crash
      PID:8520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11809.exe
    3⤵
    PID:8844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
    3⤵
    PID:12244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55717.exe
    3⤵
    PID:15664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
    3⤵
    PID:116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37363.exe
      4⤵
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42272.exe
        5⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        6⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54186.exe
        6⤵
        
        PID:11792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48570.exe
        6⤵
        
        PID:14992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40382.exe
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        5⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11181.exe
        5⤵
        
        PID:15680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        5⤵
        
        PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
      4⤵
      PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        5⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34965.exe
        5⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        5⤵
        
        PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
      4⤵
      PID:8360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
      4⤵
      PID:11892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11181.exe
      4⤵
      PID:15788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13074.exe
      4⤵
      PID:18340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
    3⤵
    PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49371.exe
      4⤵
      PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58951.exe
        5⤵
        
        PID:10996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
        5⤵
        
        PID:15644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49698.exe
      4⤵
      PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
      4⤵
      PID:12916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
      4⤵
      PID:17232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34270.exe
    3⤵
    PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
      4⤵
      PID:9980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
      4⤵
      PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
      4⤵
      PID:15132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57709.exe
      4⤵
      PID:3136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
    3⤵
    PID:8752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
    3⤵
    PID:11636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13382.exe
    3⤵
    PID:16328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53725.exe
    3⤵
    PID:17604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7908.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7908.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7238.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58100.exe
        6⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        6⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9892.exe
        6⤵
        
        PID:16872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        6⤵
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
        5⤵
        
        PID:13192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        5⤵
        
        PID:16012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25525.exe
        5⤵
        
        PID:7556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
      4⤵
      PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
        5⤵
        
        PID:12672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
        5⤵
        
        PID:17516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24433.exe
        5⤵
        
        PID:16732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exe
      4⤵
      PID:10860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
      4⤵
      PID:13980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
      4⤵
      PID:736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
      4⤵
      PID:18320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
    3⤵
    PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exe
      4⤵
      PID:7768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33377.exe
      4⤵
      PID:10652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50730.exe
      4⤵
      PID:13500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18030.exe
      4⤵
      PID:18192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32924.exe
    3⤵
    PID:8100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
    3⤵
    PID:11388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18908.exe
    3⤵
    PID:15076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
    3⤵
    PID:7972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15354.exe
    3⤵
    PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24395.exe
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
        5⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
        5⤵
        
        PID:14220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        5⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        5⤵
        
        PID:17648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32614.exe
      4⤵
      PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
      4⤵
      PID:13724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
      4⤵
      PID:15368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
    3⤵
    PID:7080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
      4⤵
      PID:13992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
      4⤵
      PID:16904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
      4⤵
      PID:6824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
    3⤵
    PID:8776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-317.exe
    3⤵
    PID:13892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53079.exe
    3⤵
    PID:17476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
  2⤵
  PID:5704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13732.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13732.exe
  2⤵
  PID:6324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12277.exe
    3⤵
    PID:10072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39106.exe
    3⤵
    PID:14156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
    3⤵
    PID:552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57177.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57177.exe
  2⤵
  PID:8708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64995.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64995.exe
  2⤵
  PID:12380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exe
  2⤵
  PID:16428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4768 -ip 4768
1⤵
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 7868 -ip 7868
1⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 6196 -ip 6196
1⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 10236 -ip 10236
1⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 10020 -ip 10020
1⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 10040 -ip 10040
1⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 9180 -ip 9180
1⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5812 -ip 5812
1⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 13956 -ip 13956
1⤵
PID:14612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 13972 -ip 13972
1⤵
PID:14756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 14000 -ip 14000
1⤵
PID:14844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 14032 -ip 14032
1⤵
PID:14868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 14040 -ip 14040
1⤵
PID:15076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 14096 -ip 14096
1⤵
PID:15220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 14128 -ip 14128
1⤵
PID:15316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 10104 -ip 10104
1⤵
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 14100 -ip 14100
1⤵
PID:14700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 14120 -ip 14120
1⤵
PID:14812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 14008 -ip 14008
1⤵
PID:14908

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:6536

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe

Filesize
184KB

MD5
80a24bdc79dd57fb521cfb44cc9de257

SHA1
18280400b88c76243f3434b17b41efa9ebcab446

SHA256
5ce5f61e9e350f9cacc338e0008823cdc6c0396fc65241070c55081882dad229

SHA512
7bf1b7033ad0041ba0dd699fe15c609ac9acbc2e940c55594a0b95909c761faae1493d9bedb890b17dd179b891c86500c0b1e04ed01d93e8a6ca341d1104f473

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe

Filesize
184KB

MD5
ec6795bf3dc6bd1c73fb175aae137507

SHA1
5cedb8ade4c9b2bd05343c14bc8ebb670bd0b317

SHA256
e6c591dc2adefc046d9d4f2b82cbf5f75b2f90988f2b8d4947753569ed787fef

SHA512
89da7c0b7e892369425229ab09973bae4cfa68e634edbfc17c7b734c7e46021be9bda1bc4c409d663c2bf7a1d33e392f40bbe8b8c72111bf341d7efa8ae7dafb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14643.exe

Filesize
184KB

MD5
211f7150d935a1df7e3a4d75efaa9636

SHA1
2de79415a75f2d0dfee4124fa81218cb796f6d9e

SHA256
3bae85875e664533aa9f4b3c51a87c3dcc5d793b68cd7f0b21020e845f56b2da

SHA512
a3a2a30a00cd6f9025b90d280fb390c2c777d014d6f0ff588e168ddfb3b5f31fd7d13050beaad3eb17daab813abb7b4a815569271233e4381e5686078c80d4ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17280.exe

Filesize
184KB

MD5
16193c1a35f7d42a99aad7d56a768276

SHA1
21beda41c5c463990c79e94ae1f8b64c57e03865

SHA256
35480c400aea4269ce1bba17a23d6061f225445772109680d3ee163629ef2f21

SHA512
e5cfb2c54e652110a5a4a0697bc013625cbb25ff7760f838a1e801c4ae1ac4f0e989ea4fdb3eb527704e273b8b0583e0309ae3de977880695dbfb3d5220ddfa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe

Filesize
184KB

MD5
025109b144648c91678c09bd29e14f35

SHA1
b6bb7ff5621063f8e2212de46594c97f51d59240

SHA256
06b88c207af5a61cd70941888249e6e2f276898d003d5cd7bdd1bea8af639fd3

SHA512
a64bac2c5f8faa1e95a0a3f722af76e5528a439c8cdf6ba1e2e3cb7e63ced69b4ca87419e59b4f011ba311b476512558312872746428fdf7e67d1b2bdae47919

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17991.exe

Filesize
184KB

MD5
28dc060860021f54c72a293061aad20d

SHA1
385b103882e241312889404d63387f826bbbbbd1

SHA256
3e4408130bda359697c02c379864517657fb07e88436a5e9a944ee2eb63101bb

SHA512
2588c5a8cfa08b359cbd92743b9cbbe0db2f9dcb91e85efab5ab5584688fb0c0639fe73d27e9a0e3b620558d25198b5e893a98931d91cd909ccd153562afd02e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19392.exe

Filesize
184KB

MD5
91869feb38f4c0e7b6e1a4049785fe50

SHA1
35ee7b8df49f27549538333c2edc398418a8e6d7

SHA256
505ecd3cb12d7d86beba7379f930594531e8e0b32640099d3537b952d06af067

SHA512
8c3b209e26294dd5f4cc38973dbbf51ffa02a1fba6e90fe895b523de3f6183d5c3bf2837c92aa9a91f5982dd39c5b66448b93ebe143030dd0fedaa2de5ef77e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe

Filesize
184KB

MD5
456d964a32d214ab317e8828f0ee064e

SHA1
3664fcb1b2759b444da1fdf816cd2953396ae5a6

SHA256
59615fb7c4cedb280c80171862ab738dd55b5978691f432524af2892ee574bd8

SHA512
0c2688cec2cb75b95bc4f7a6b78529e75cd8ca3bb78beab3ee4f85e94d73b37c5211b9255728d3b9102c2417948c5ed1796a03f6ae028575bda97eff59c5f604

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe

Filesize
184KB

MD5
29e04a9804a45ffd1de5a81c36984feb

SHA1
bd140c3cd9634e294e9f38411332c612724a29e5

SHA256
c991b9d2ceb66cc7628d77b26cb752d52f173f3b69e2a1b559d265f781c02538

SHA512
a8dad25c71b1d2cf7236cb15c098aa1400263e5e600559aeef8bdbffaf7f41b20f202dd8b01cbad5c961b1345387da70272cf9d1b320531b58cc7a46b03663fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe

Filesize
184KB

MD5
c689f1bdccafe529b87dfa56a62b5b00

SHA1
900dd7a5b3f38f5cdd443f50404bf7dc4612ce35

SHA256
7b13b1c3173a59efbc284cd18975c4d1d990e80c87a386224a09c488b61acf07

SHA512
e844db2456960399255b394ab26199e4f5debf480ab7e6b58d882bfbbc4a249e273848851f76fc66ba4debe8a2d82d58575ab36ed46105caf5313429adbafbef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30708.exe

Filesize
184KB

MD5
4d2200fe7ef9ac105db0fa8c7e9b9587

SHA1
f37319fcda34f4de70ed727ee6def7c9b7c91406

SHA256
7ab59867961ac8d85c415d11c0570ab5bc5d782f62d11ecd8c0415cc62c5f303

SHA512
24b86193e855928bda35ded6e095d6b9d2411834fc7dce4b740247f2a5113ad2eaf1878fa9b84fbac972244a97e136d6368d2fd67afd0bb85837594ac4a8d683

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30714.exe

Filesize
184KB

MD5
d31affdf15a6259846219f63fa608dd5

SHA1
386ae26ab34d2c54c4dd5195b11f9e989e87399f

SHA256
9f8f10fd58b278513d353fb2c9d560e9ec5b385a735320978e4942458d458bc0

SHA512
632337c1c2de8858868f1ca11485b88c54a0bbc8910b64396cd32771d62ea9a515ba91b94c91cd502e4cb8d27b477b834d99673f6d800ed340f4b34e711a4732

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe

Filesize
184KB

MD5
b2138b83bd505b5b0eb48dfdd3066aff

SHA1
56bd4e4b3ac87a2b3f6b9ea164a15e5716595b01

SHA256
5922f383d7ea5da94878489314e78a13ba23fac774f67d5c09324c4479b39025

SHA512
4407914b7087f0fdba291acf096e0e49197eb6fd1fdc018e45643ee74e313eec22e962280ef93178fd48ef3cc00248c273c5e25f343b1757e460e030aa355594

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe

Filesize
184KB

MD5
820ee2271ddcd1d5216705e1ac52f173

SHA1
1dc0617a19d68bc7553a62384521c843de7c2d1e

SHA256
013e7665979d1bf14407c0fb155be7b339eccbb08cef9cd4bdf1971970b629d4

SHA512
04b4c382006b2b6b69e4a8b2006dd838acfb8031927dffc7ba694444a50d8c8b0ae91f4ab6c4d87f7cc3ecc3aef4d32ed08bd6b1379c136809f656fc6377ca88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe

Filesize
184KB

MD5
6ef600e1f0d2c3de36c62def27634f0a

SHA1
e4079e233c2319342038f9ee82b21910c5281e43

SHA256
188470254b61c06490e6d7b3daa8c55b920e2e7538355e2769181768ea45f03f

SHA512
68a6b0e0db846c9fcee702fd32624b83b4926d0ea54ebfc57de3f29ba17c88ea32420d901c27aac0113b0ecb3fa48d3e00a0f287d3789eee41da80539f6a2cf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe

Filesize
184KB

MD5
4e6d9c9f61082292be9988a966f97efd

SHA1
7bff2deea4f4b497f6d60d31a114106fd19ef9d8

SHA256
eda9288305526872454ab0e7b7ce59745cdb4d0922c8bb171df8f1b7d6a634fd

SHA512
eccc7d8ebca88dc0b6535a8981e9ef3cb3fd87eef76b226de6fee0b0b4a22c8b8139f02e940f2cbca8066936e07883e8f219320310392d88607b78d8746f3f42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe

Filesize
184KB

MD5
25c92e148d59b3ff27569faacfe69cb8

SHA1
4d198d726dc84621b8536118d430557aca2f8159

SHA256
4b6c9f5ee67a6a5dae84edd89bdc9678c03f8efa660cfc0552d8d1d14c1febc2

SHA512
16f5e67fce2a044f65e2d733a4ae111cfd32f0393f4c4bb406b1030b7b821504d8b21751c3ef2ef86b43b709071835c517aefd027a50482541e12bd8ec615d9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44218.exe

Filesize
184KB

MD5
687e9f8d623cea32966b337794fa6540

SHA1
fc45f746574187133679695041407fb4d3d12715

SHA256
3d764379c47716df705e51ebe70b1b070ca45f0512558e52e18825458da856e7

SHA512
1d5e06ee01614982c21735715d7d69ea22e73a29921709d38cc0b0c82dd9a68b47ce5e5f66e9df53b9b72a91f7d9b8f881c71b1fcb1c373c6d0c1bed5d6b207c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44450.exe

Filesize
184KB

MD5
fb75ef0075f391e636bdb198c681ca60

SHA1
ba84cbbb0d4f6f84cc6d6fed09eba41fab24da08

SHA256
c3ced41ed6006b6f7b9e377d77711f84525b3c5524566c110a76b461bd445822

SHA512
40cef327dffd5adf9eae58348551423f23a4732d9e24170720beb0f9d292dede6ddda5075d247301f5d495e70d69dfbe10de1073e815b0d4e555eea63a2394f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46231.exe

Filesize
184KB

MD5
51d6b3e3fd723fc948af7cc952138268

SHA1
46ce8c71874cc1b98ef16891a9b0a9d6a20b5bf7

SHA256
fbebbe9a6d9c4fd9fde8279b7e159bc8f6fa440391e20a57028055adbabb15ba

SHA512
667874171271ab51c6ba64a33f3cd60b4dee48a30617534b67a8a1ab9999f7f28348cb13b049198b3978c0ec6e3e33cdf1db91e758295f34986991ce5effe8bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe

Filesize
184KB

MD5
0af533b4b9abe9b1bc18f9fd6d0cb3fc

SHA1
f938695f66ae4a5d57b84815b81a2d1e175702e1

SHA256
12add36b6e43feb525f0c7b81971036e3dd13794492017a41a10c4bf8d02ad5a

SHA512
ec2cbaad79749a7071bb669513d279bd76a09fec06cd0a92e4ed667581b32db846f4a13cb03eca2b36be9218a11c3f94819ea3227cf9327074c51b9a09358a54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe

Filesize
184KB

MD5
d2187ad7c825986cc8d86d3f24acc7f2

SHA1
2bda29b5ca18a756533b4db3813f074f8b16c93a

SHA256
e89a8e84dd9f5d27ddddf4ca71970f236cc7e866035fa3c4e8cd0ac2db02c8d1

SHA512
85d366639e0aef16b0dbf34547213cf53d252130c9ae5d124fe3b7e79741bb89aceb8bb1c9882a4629c6ad687413825fd89fcf92a3b7c44f08dd9333b473ba07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe

Filesize
184KB

MD5
1f4d8c5741b1dc4178fce19b5a99e8e5

SHA1
8e7f307ba208fe721889d38d424abaf36d79b90b

SHA256
1468c3b47d5bcccc783723ecc2a9f362bbff090a4322e6d2f8bd7dd34e5176d4

SHA512
39d19296ee8c45723661989b03a10765890ae00b1c6abc3e12f3c3916c8d6babb45f9f90e2e9d6b91938c776cbc9a965d6d32237f6c6873b75bdf5f6d971f19a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51218.exe

Filesize
184KB

MD5
d995ab8ba153d3b557fca930d8fe7ec3

SHA1
54d497fb724e9705989c700a59196217c61c3540

SHA256
dd1e6398cf2b7fc5b72141a548879b33accdbd1510c610c5045d740811f49af2

SHA512
4d20b0e482bf1cda2bf859661f0ffc3ef07d89b3b81be4213a83185e7ab97298cd9ed181c87e0c706afc81d175d1da011e7656c3177bf5c31962f2aa4d2582be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53225.exe

Filesize
184KB

MD5
4ac9e5eb45da58f660a024cef0becbba

SHA1
9ba11548fa0532cbef42f0fc4be01376aa631cda

SHA256
413172b6d24a406f8b89a471c239c77648b76acbccf43b99dc828def84b7dc5a

SHA512
f9e5ffb9386407617cea67fd30e631c4c1a1e7241e9ab84b61f824a32440bb9441ddff5eaa6564b09ed0128580e63cdb70ce87a13d8eb4938075c949327d7937

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53310.exe

Filesize
184KB

MD5
e46a6b40f8318a73bde021597c3c19d6

SHA1
bf78e4564e899eae9e9c183b4d875d7fedd52317

SHA256
5c5714ecb4cf8c8e3a1113cb08f45df4415c695dcede16977d515015b5c12d9d

SHA512
b3b8997af3e034ef139d883d8fd6396fc3698ceb8338735f97c40e656735bc84b80aaecc07108c657e468bb1a9a916227c0d96a58e27a6f6f956c4d33264caf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe

Filesize
184KB

MD5
033f5168999b677f0ab6297824b108e7

SHA1
478275f58debcc4b682875377df34758c3f0fff6

SHA256
a38bc9187bcf9ce5d6b791ebf40e03f68ffee3e4714e632afc8aab1b572a09f9

SHA512
42ea2a1b4a8339a83a30eac79f2cad3d33357fe0b78ff2e4d099bc15a62834b87d11ac1ae1b24e863b5a4956c7c887fab1393cd348ef4859b48de30745d02f1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56911.exe

Filesize
184KB

MD5
f7f3c8d5c2c502a921dc5928514abef0

SHA1
c2ce5be21d11be396a14c546d38dd2a2fe6b2ad4

SHA256
907c197ed58958ac25bf6fb3dfe6f37e7814d5317dbe1b5834ca38c40eb15684

SHA512
7ab59029fa4f5100dcf5da5e97e983094f2d452272cf27af87a50d7cf56b5470edc5563aed9c97aab24e4bc1113c0a44cbe8ecbf048f871112a722fe1db72912

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5870.exe

Filesize
184KB

MD5
658750570156c5f3f28ba914b69f7ee4

SHA1
23a3d3ee638c909f2386e6e8ebb8704695fa04bd

SHA256
b494009d77158d0cbce62e4b6161cc0c8d43b40a405e568c7a6477a6235dc625

SHA512
7fbd2a58652533c288b1961852e39e286f64e228d432175980fbb7ffcd2a42a2ef9534b1fdbf18e60de6895256c8d856e60449e6b8f0cffaa610df222b004f51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe

Filesize
184KB

MD5
54430cb5fa19be0c5528d131cf634598

SHA1
4831857a9b0e59aff1cf07071015996e2d4cbebd

SHA256
f879a27b5f7b2523b70919988d2161d4a9c5e3bd137a618e7ce8837cd5c8e051

SHA512
8083f676d3af8f1029b7ade6f46b3a42db8984de57e9329c1fca8392986cd981a37fbaa2b485c662d99a3dd21a6f89735855807003a50d4bd59258380d97b684

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe

Filesize
184KB

MD5
d2300ccefd27a4ca80f42a396d4482b9

SHA1
0672a74b5b3cb50950c8cd1a279e454fbefeb812

SHA256
34a5d1acc2b51262f6249fc95cc9609b5ac983ffa44c6e39650cecfc9b78b6fd

SHA512
9f62eb91da3583e9bd389c457a6c4c814846ac0ec9255849196ae6a95f4458b289d5a1a51a9b90953565d7b488b0ed675ba10934a7479e87eeb16afaf0a161a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59900.exe

Filesize
184KB

MD5
d4ae1d76022f8676c776c6167240eec4

SHA1
cb8bed0c9f77781d633bafd0e528d6e8253000bc

SHA256
5ef560dc64580b7245beb69b8ca7dbdac41ca3f2d06dcc8e00f1eadab4edb397

SHA512
8c9eca06bde9c3e96fe9319f797d19a5f52b1aaf51a37856a4ebbed203a4594c81493326d7a50ee23bed9e0d5e59c60392cc4938cba01852133ae09fc6e5bc85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe

Filesize
184KB

MD5
6fab4546e131dc27afd216d28d3839a3

SHA1
1e0033db86962344b27c51668ae3415de462dc97

SHA256
7da0c2f5617608c751107ffbef81ed73819c33ce758aef4831608dea34a73822

SHA512
5b7bdcf4474fb691849846dde2459c7ef7fbad650296d1dabd44a2e7f0ed310888c22c8d0110c4b21c85f3ee99a61ad39bc0c0a0e37e0871834273b29eaa9bf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe

Filesize
184KB

MD5
d71da999f871a097a8511ac9a1ca87f1

SHA1
fda045ebdb9d77c28fd3902b37a9cbf2cb6776b9

SHA256
479f848fb28d143c0519e05bb6b5a10108e00da3c0cfa93dafe65baf7892630f

SHA512
f3e1ac5c785edf815f7a29ac80690d0b38c9d6eb8c4c890727c707de9ce9892d609c928d18bcc630ba9fbd5feda85ed59f26380563ae358e99709a871245b72a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7908.exe

Filesize
184KB

MD5
eb1e6f338304a78d597aa58da6fe7ff7

SHA1
3e4e5a964c5e7ae8085e1bda1ef2d877880f4cda

SHA256
f6ae0f88c928c18648e9dbf6065b8a0d3237022776f4293cf1ee09ff65ed2135

SHA512
13bfec58952de315bdfbe8b4d3a9f41ce39e56dbd43e3ba5d1a9b7970626be23b3bc8cfa5a1e038ed53c84fe78473cbff5bbe015228deb7d9888df437dbbb63a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads