a4851ac98566fd3b6d8a65d88d2729b8dff44e3a0e5c36e35f4e3620950270a7

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 02:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2b73541121db7c40c21f3134f3cf3290_NeikiAnalytics.exe
Size

184KB
MD5

2b73541121db7c40c21f3134f3cf3290
SHA1

4d1e1812752c130da3876fdf8ec2a5b46ca9a94e
SHA256

a4851ac98566fd3b6d8a65d88d2729b8dff44e3a0e5c36e35f4e3620950270a7
SHA512

6b35486a8fd49e865361592292dea3e210189f7e6acbcd92b1cc42ce7b6bb02ff5a7f76f75d92853ade61b99a0df09c0e90540c306f41f29bcaa0b175e35aac9
SSDEEP

3072:CxRr6AoQOQiI2VqtWaAwbSrelvnqnniGG:CxbotvVqIwWrelPqnniG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2764	Unicorn-49221.exe
1904	Unicorn-50690.exe
2180	Unicorn-47161.exe
1908	Unicorn-22271.exe
3208	Unicorn-23148.exe
3992	Unicorn-3282.exe
2396	Unicorn-489.exe
2896	Unicorn-18431.exe
4944	Unicorn-51523.exe
4652	Unicorn-53407.exe
372	Unicorn-21612.exe
4436	Unicorn-3749.exe
1288	Unicorn-49686.exe
2452	Unicorn-63421.exe
728	Unicorn-54575.exe
4904	Unicorn-51923.exe
3984	Unicorn-51923.exe
1464	Unicorn-21327.exe
208	Unicorn-17692.exe
2500	Unicorn-22479.exe
3456	Unicorn-54694.exe
4060	Unicorn-8830.exe
2620	Unicorn-25167.exe
2792	Unicorn-41503.exe
1680	Unicorn-65245.exe
4916	Unicorn-35181.exe
2116	Unicorn-8446.exe
3676	Unicorn-21253.exe
976	Unicorn-8181.exe
4580	Unicorn-57663.exe
3008	Unicorn-4741.exe
4940	Unicorn-7886.exe
900	Unicorn-1564.exe
2612	Unicorn-24031.exe
2036	Unicorn-17708.exe
4224	Unicorn-23647.exe
3076	Unicorn-52790.exe
3788	Unicorn-9998.exe
2960	Unicorn-58742.exe
3020	Unicorn-58239.exe
2984	Unicorn-37989.exe
1272	Unicorn-5404.exe
2640	Unicorn-62956.exe
4352	Unicorn-61430.exe
4100	Unicorn-28831.exe
1368	Unicorn-12302.exe
228	Unicorn-25109.exe
1076	Unicorn-44975.exe
3448	Unicorn-61311.exe
5024	Unicorn-61311.exe
2904	Unicorn-8581.exe
4196	Unicorn-19516.exe
2424	Unicorn-57590.exe
4640	Unicorn-11918.exe
4064	Unicorn-28255.exe
3444	Unicorn-54797.exe
4432	Unicorn-41061.exe
2696	Unicorn-51990.exe
2352	Unicorn-5006.exe
4220	Unicorn-17813.exe
876	Unicorn-53631.exe
4056	Unicorn-63645.exe
3512	Unicorn-39900.exe
680	Unicorn-35301.exe

Program crash 10 IoCs

pid	pid_target	Process	procid_target
4996	5584	WerFault.exe	181
7788	5988	WerFault.exe	195
7432	5840	WerFault.exe
9860	5216	WerFault.exe
10244	9780	WerFault.exe	471
10304	10072	WerFault.exe	473
5748	1852	WerFault.exe	984
5152	1388	WerFault.exe	285
10280	9716	Process not Found	1093
17600	4948	Process not Found	1083

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	8124	dwm.exe
Token: SeChangeNotifyPrivilege	8124	dwm.exe
Token: 33	8124	dwm.exe
Token: SeIncBasePriorityPrivilege	8124	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3416	2b73541121db7c40c21f3134f3cf3290_NeikiAnalytics.exe
2764	Unicorn-49221.exe
1904	Unicorn-50690.exe
2180	Unicorn-47161.exe
1908	Unicorn-22271.exe
3992	Unicorn-3282.exe
2396	Unicorn-489.exe
3208	Unicorn-23148.exe
2896	Unicorn-18431.exe
4944	Unicorn-51523.exe
4652	Unicorn-53407.exe
4436	Unicorn-3749.exe
372	Unicorn-21612.exe
1288	Unicorn-49686.exe
2452	Unicorn-63421.exe
728	Unicorn-54575.exe
4904	Unicorn-51923.exe
3984	Unicorn-51923.exe
1464	Unicorn-21327.exe
208	Unicorn-17692.exe
2500	Unicorn-22479.exe
3456	Unicorn-54694.exe
4060	Unicorn-8830.exe
2792	Unicorn-41503.exe
1680	Unicorn-65245.exe
4916	Unicorn-35181.exe
2116	Unicorn-8446.exe
976	Unicorn-8181.exe
3676	Unicorn-21253.exe
2620	Unicorn-25167.exe
4580	Unicorn-57663.exe
3008	Unicorn-4741.exe
4940	Unicorn-7886.exe
900	Unicorn-1564.exe
2612	Unicorn-24031.exe
2036	Unicorn-17708.exe
4224	Unicorn-23647.exe
3076	Unicorn-52790.exe
3788	Unicorn-9998.exe
2960	Unicorn-58742.exe
3020	Unicorn-58239.exe
2984	Unicorn-37989.exe
1272	Unicorn-5404.exe
2640	Unicorn-62956.exe
4352	Unicorn-61430.exe
4100	Unicorn-28831.exe
1368	Unicorn-12302.exe
228	Unicorn-25109.exe
4640	Unicorn-11918.exe
1076	Unicorn-44975.exe
2904	Unicorn-8581.exe
4064	Unicorn-28255.exe
3444	Unicorn-54797.exe
2424	Unicorn-57590.exe
5024	Unicorn-61311.exe
4432	Unicorn-41061.exe
4196	Unicorn-19516.exe
2696	Unicorn-51990.exe
3448	Unicorn-61311.exe
2352	Unicorn-5006.exe
4220	Unicorn-17813.exe
876	Unicorn-53631.exe
4056	Unicorn-63645.exe
3512	Unicorn-39900.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3416 wrote to memory of 2764	3416	2b73541121db7c40c21f3134f3cf3290_NeikiAnalytics.exe	89
PID 3416 wrote to memory of 2764	3416	2b73541121db7c40c21f3134f3cf3290_NeikiAnalytics.exe	89
PID 3416 wrote to memory of 2764	3416	2b73541121db7c40c21f3134f3cf3290_NeikiAnalytics.exe	89
PID 2764 wrote to memory of 1904	2764	Unicorn-49221.exe	94
PID 2764 wrote to memory of 1904	2764	Unicorn-49221.exe	94
PID 2764 wrote to memory of 1904	2764	Unicorn-49221.exe	94
PID 3416 wrote to memory of 2180	3416	2b73541121db7c40c21f3134f3cf3290_NeikiAnalytics.exe	95
PID 3416 wrote to memory of 2180	3416	2b73541121db7c40c21f3134f3cf3290_NeikiAnalytics.exe	95
PID 3416 wrote to memory of 2180	3416	2b73541121db7c40c21f3134f3cf3290_NeikiAnalytics.exe	95
PID 1904 wrote to memory of 1908	1904	Unicorn-50690.exe	97
PID 1904 wrote to memory of 1908	1904	Unicorn-50690.exe	97
PID 1904 wrote to memory of 1908	1904	Unicorn-50690.exe	97
PID 2180 wrote to memory of 3208	2180	Unicorn-47161.exe	99
PID 2180 wrote to memory of 3208	2180	Unicorn-47161.exe	99
PID 2180 wrote to memory of 3208	2180	Unicorn-47161.exe	99
PID 2764 wrote to memory of 3992	2764	Unicorn-49221.exe	98
PID 2764 wrote to memory of 3992	2764	Unicorn-49221.exe	98
PID 2764 wrote to memory of 3992	2764	Unicorn-49221.exe	98
PID 3416 wrote to memory of 2396	3416	2b73541121db7c40c21f3134f3cf3290_NeikiAnalytics.exe	100
PID 3416 wrote to memory of 2396	3416	2b73541121db7c40c21f3134f3cf3290_NeikiAnalytics.exe	100
PID 3416 wrote to memory of 2396	3416	2b73541121db7c40c21f3134f3cf3290_NeikiAnalytics.exe	100
PID 1908 wrote to memory of 2896	1908	Unicorn-22271.exe	103
PID 1908 wrote to memory of 2896	1908	Unicorn-22271.exe	103
PID 1908 wrote to memory of 2896	1908	Unicorn-22271.exe	103
PID 1904 wrote to memory of 4944	1904	Unicorn-50690.exe	104
PID 1904 wrote to memory of 4944	1904	Unicorn-50690.exe	104
PID 1904 wrote to memory of 4944	1904	Unicorn-50690.exe	104
PID 2396 wrote to memory of 4652	2396	Unicorn-489.exe	105
PID 2396 wrote to memory of 4652	2396	Unicorn-489.exe	105
PID 2396 wrote to memory of 4652	2396	Unicorn-489.exe	105
PID 3992 wrote to memory of 372	3992	Unicorn-3282.exe	106
PID 3992 wrote to memory of 372	3992	Unicorn-3282.exe	106
PID 3992 wrote to memory of 372	3992	Unicorn-3282.exe	106
PID 3416 wrote to memory of 4436	3416	2b73541121db7c40c21f3134f3cf3290_NeikiAnalytics.exe	107
PID 3416 wrote to memory of 4436	3416	2b73541121db7c40c21f3134f3cf3290_NeikiAnalytics.exe	107
PID 3416 wrote to memory of 4436	3416	2b73541121db7c40c21f3134f3cf3290_NeikiAnalytics.exe	107
PID 2180 wrote to memory of 1288	2180	Unicorn-47161.exe	108
PID 2180 wrote to memory of 1288	2180	Unicorn-47161.exe	108
PID 2180 wrote to memory of 1288	2180	Unicorn-47161.exe	108
PID 2764 wrote to memory of 2452	2764	Unicorn-49221.exe	109
PID 2764 wrote to memory of 2452	2764	Unicorn-49221.exe	109
PID 2764 wrote to memory of 2452	2764	Unicorn-49221.exe	109
PID 2896 wrote to memory of 728	2896	Unicorn-18431.exe	110
PID 2896 wrote to memory of 728	2896	Unicorn-18431.exe	110
PID 2896 wrote to memory of 728	2896	Unicorn-18431.exe	110
PID 3208 wrote to memory of 4904	3208	Unicorn-23148.exe	112
PID 3208 wrote to memory of 4904	3208	Unicorn-23148.exe	112
PID 3208 wrote to memory of 4904	3208	Unicorn-23148.exe	112
PID 1908 wrote to memory of 3984	1908	Unicorn-22271.exe	111
PID 1908 wrote to memory of 3984	1908	Unicorn-22271.exe	111
PID 1908 wrote to memory of 3984	1908	Unicorn-22271.exe	111
PID 4944 wrote to memory of 1464	4944	Unicorn-51523.exe	113
PID 4944 wrote to memory of 1464	4944	Unicorn-51523.exe	113
PID 4944 wrote to memory of 1464	4944	Unicorn-51523.exe	113
PID 1904 wrote to memory of 208	1904	Unicorn-50690.exe	114
PID 1904 wrote to memory of 208	1904	Unicorn-50690.exe	114
PID 1904 wrote to memory of 208	1904	Unicorn-50690.exe	114
PID 4652 wrote to memory of 2500	4652	Unicorn-53407.exe	115
PID 4652 wrote to memory of 2500	4652	Unicorn-53407.exe	115
PID 4652 wrote to memory of 2500	4652	Unicorn-53407.exe	115
PID 2396 wrote to memory of 3456	2396	Unicorn-489.exe	116
PID 2396 wrote to memory of 3456	2396	Unicorn-489.exe	116
PID 2396 wrote to memory of 3456	2396	Unicorn-489.exe	116
PID 4436 wrote to memory of 4060	4436	Unicorn-3749.exe	117

C:\Users\Admin\AppData\Local\Temp\2b73541121db7c40c21f3134f3cf3290_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2b73541121db7c40c21f3134f3cf3290_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50690.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54575.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5006.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        9⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        10⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36332.exe
        11⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
        11⤵
        
        PID:14180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        11⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        11⤵
        
        PID:17352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        11⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42781.exe
        10⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56470.exe
        10⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19225.exe
        10⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12482.exe
        9⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        10⤵
        
        PID:16508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60154.exe
        10⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15977.exe
        9⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        9⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        9⤵
        
        PID:18380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        8⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5518.exe
        9⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
        10⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
        10⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13008.exe
        10⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
        9⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30713.exe
        9⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58819.exe
        9⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
        8⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
        9⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe
        9⤵
        
        PID:17392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21842.exe
        8⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
        8⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
        8⤵
        
        PID:17276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        8⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44735.exe
        9⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20956.exe
        10⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        10⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        10⤵
        
        PID:16700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        9⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        9⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        9⤵
        
        PID:17400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55537.exe
        9⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
        8⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        8⤵
        
        PID:14876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-601.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        8⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63866.exe
        7⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62911.exe
        8⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
        8⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        8⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
        8⤵
        
        PID:18128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
        7⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
        7⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64415.exe
        7⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        7⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58844.exe
        8⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        9⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
        10⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        10⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        10⤵
        
        PID:17384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exe
        10⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        9⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        9⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
        9⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24597.exe
        8⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        8⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
        8⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24316.exe
        8⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        8⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62710.exe
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        8⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        9⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        9⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        9⤵
        
        PID:17028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50874.exe
        9⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48262.exe
        8⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60.exe
        8⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        8⤵
        
        PID:17628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        7⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18402.exe
        7⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        7⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
        7⤵
        
        PID:17452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
        7⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58879.exe
        8⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45110.exe
        8⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        8⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        8⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27088.exe
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
        7⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25427.exe
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
        7⤵
        
        PID:16148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
        7⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5698.exe
        7⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4194.exe
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55999.exe
        7⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
        7⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        7⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        7⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
        7⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49757.exe
        6⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
        6⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64796.exe
        6⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
        6⤵
        
        PID:18032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38417.exe
        6⤵
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38447.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        8⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2574.exe
        9⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
        9⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
        9⤵
        
        PID:16252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        8⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5036.exe
        8⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
        8⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        8⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27465.exe
        8⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28133.exe
        7⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
        8⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        8⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        8⤵
        
        PID:17332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        8⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
        7⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        7⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        7⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        7⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8885.exe
        6⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52399.exe
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
        8⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63123.exe
        9⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
        8⤵
        
        PID:12540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7781.exe
        8⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38821.exe
        7⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        7⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7394.exe
        7⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26252.exe
        7⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3036.exe
        6⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        7⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1228.exe
        7⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
        7⤵
        
        PID:18092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26902.exe
        6⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
        7⤵
        
        PID:17824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        7⤵
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57782.exe
        6⤵
        
        PID:12528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
        6⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51297.exe
        6⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17708.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28751.exe
        6⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        7⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
        8⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        8⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
        8⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7074.exe
        8⤵
        
        PID:17892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57208.exe
        8⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        7⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6025.exe
        7⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
        7⤵
        
        PID:18004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
        7⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41727.exe
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29218.exe
        7⤵
        
        PID:16240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
        7⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        6⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        6⤵
        
        PID:18404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64707.exe
        6⤵
        
        PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        5⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        7⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
        7⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exe
        7⤵
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        7⤵
        
        PID:17820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
        6⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        6⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        6⤵
        
        PID:14736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35084.exe
        6⤵
        
        PID:17748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58179.exe
        6⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
        6⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
        6⤵
        
        PID:12336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
        6⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28613.exe
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
        5⤵
        
        PID:10664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
        5⤵
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4953.exe
        5⤵
        
        PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        7⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        8⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19503.exe
        9⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        9⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        9⤵
        
        PID:16916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
        8⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        8⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        8⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        8⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        7⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
        8⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 176
        9⤵
        Program crash
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-149.exe
        8⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        8⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34586.exe
        8⤵
        
        PID:17128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19433.exe
        7⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        7⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        7⤵
        
        PID:18336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42050.exe
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39471.exe
        8⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
        8⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        8⤵
        
        PID:15692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55971.exe
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
        8⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52246.exe
        7⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34409.exe
        7⤵
        
        PID:17100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44761.exe
        7⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42253.exe
        6⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        7⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        7⤵
        
        PID:18392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41142.exe
        6⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
        6⤵
        
        PID:17308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
        6⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52790.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11646.exe
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59327.exe
        7⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        8⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        8⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1612.exe
        8⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        8⤵
        
        PID:17860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14784.exe
        8⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
        7⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58410.exe
        7⤵
        
        PID:16288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36834.exe
        7⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        6⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42988.exe
        7⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
        7⤵
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
        7⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62858.exe
        7⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        6⤵
        
        PID:13120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
        6⤵
        
        PID:17176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        7⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        7⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        7⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
        6⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
        6⤵
        
        PID:12876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
        6⤵
        
        PID:14796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
        6⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26460.exe
        6⤵
        
        PID:12264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        6⤵
        
        PID:15892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13065.exe
        6⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        5⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59526.exe
        5⤵
        
        PID:13336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53580.exe
        5⤵
        
        PID:17164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23768.exe
        5⤵
        
        PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17692.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11646.exe
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31919.exe
        8⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48230.exe
        8⤵
        
        PID:14892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5897.exe
        8⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
        8⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        7⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        7⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-601.exe
        7⤵
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50822.exe
        6⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16610.exe
        6⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
        6⤵
        
        PID:18080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41666.exe
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        6⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
        7⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 212
        8⤵
        Program crash
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
        7⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        7⤵
        
        PID:16748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19433.exe
        6⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        6⤵
        
        PID:13480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        6⤵
        
        PID:17256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
        5⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
        6⤵
        
        PID:11832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        6⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38269.exe
        6⤵
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
        6⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57265.exe
        6⤵
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25299.exe
        5⤵
        
        PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        5⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
        5⤵
        
        PID:17188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
        5⤵
        
        PID:7860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27983.exe
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45110.exe
        7⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        7⤵
        
        PID:15704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        7⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        7⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15765.exe
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3308.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13842.exe
        6⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53210.exe
        6⤵
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52342.exe
        5⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14638.exe
        6⤵
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39509.exe
        6⤵
        
        PID:16932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        6⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22972.exe
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        5⤵
        
        PID:13296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25177.exe
        5⤵
        
        PID:16140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47584.exe
        5⤵
        
        PID:7480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20895.exe
        5⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21861.exe
        6⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        6⤵
        
        PID:15884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        6⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        6⤵
        
        PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        5⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2853.exe
        5⤵
        
        PID:13328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        5⤵
        
        PID:17300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
      4⤵
      PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        5⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
        5⤵
        
        PID:14456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
        5⤵
        
        PID:17656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55537.exe
        5⤵
        
        PID:9428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24860.exe
      4⤵
      PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10276.exe
      4⤵
      PID:13932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11037.exe
      4⤵
      PID:17372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35456.exe
      4⤵
      PID:9936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3282.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8446.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
        7⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7838.exe
        8⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        9⤵
        
        PID:15140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29045.exe
        8⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50605.exe
        8⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
        8⤵
        
        PID:17516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11271.exe
        8⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        7⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe
        7⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64717.exe
        7⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
        7⤵
        
        PID:17492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
        7⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9166.exe
        7⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50269.exe
        8⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        8⤵
        
        PID:18356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15765.exe
        7⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
        7⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13541.exe
        7⤵
        
        PID:15784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63834.exe
        7⤵
        
        PID:18108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57569.exe
        7⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
        6⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
        7⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        7⤵
        
        PID:64
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13008.exe
        7⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62086.exe
        6⤵
        
        PID:8468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24786.exe
        6⤵
        
        PID:16460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46669.exe
        6⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        7⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39218.exe
        7⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49786.exe
        7⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        6⤵
        
        PID:8488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50861.exe
        6⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        6⤵
        
        PID:16372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        6⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43199.exe
        6⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        7⤵
        
        PID:16964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34985.exe
        7⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48262.exe
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60.exe
        6⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62291.exe
        6⤵
        
        PID:17456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64369.exe
        6⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11525.exe
        5⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21468.exe
        6⤵
        
        PID:13100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        6⤵
        
        PID:15796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23777.exe
        6⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25772.exe
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        5⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7467.exe
        5⤵
        
        PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46669.exe
        6⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
        7⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
        7⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6089.exe
        7⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        6⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50861.exe
        6⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47074.exe
        6⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21803.exe
        6⤵
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23960.exe
        6⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48490.exe
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7182.exe
        6⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13148.exe
        6⤵
        
        PID:14776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
        6⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        6⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10373.exe
        5⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
        5⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        5⤵
        
        PID:15460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28428.exe
        5⤵
        
        PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54797.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6933.exe
        6⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
        6⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61498.exe
        6⤵
        
        PID:16904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51213.exe
        5⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        5⤵
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
        5⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
        5⤵
        
        PID:1852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 80
        6⤵
        Program crash
        
        PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7541.exe
      4⤵
      PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15518.exe
        5⤵
        
        PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
        5⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        5⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10962.exe
        5⤵
        
        PID:18284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
      4⤵
      PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        5⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        5⤵
        
        PID:17184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9714.exe
      4⤵
      PID:9412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
      4⤵
      PID:14048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
      4⤵
      PID:17272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
      4⤵
      PID:8448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        6⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-933.exe
        8⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
        8⤵
        
        PID:17012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53626.exe
        8⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
        7⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        7⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60163.exe
        7⤵
        
        PID:18272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55107.exe
        7⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7957.exe
        6⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
        7⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        7⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9993.exe
        7⤵
        
        PID:11180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
        6⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe
        6⤵
        
        PID:13892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37372.exe
        6⤵
        
        PID:17112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29532.exe
        7⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        7⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
        7⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
        7⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
        6⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60397.exe
        6⤵
        
        PID:12600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
        6⤵
        
        PID:16780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        6⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
        5⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63327.exe
        6⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
        6⤵
        
        PID:13700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8482.exe
        6⤵
        
        PID:17536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exe
        5⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
        5⤵
        
        PID:13392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
        5⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15698.exe
        5⤵
        
        PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        6⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61757.exe
        6⤵
        
        PID:14868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47206.exe
        6⤵
        
        PID:17596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22105.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25116.exe
        5⤵
        
        PID:12584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6088.exe
        5⤵
        
        PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51562.exe
      4⤵
      PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        5⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2242.exe
        5⤵
        
        PID:9664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        5⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        5⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
        5⤵
        
        PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44771.exe
      4⤵
      PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        5⤵
        
        PID:15108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61923.exe
        5⤵
        
        PID:17840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
      4⤵
      PID:9604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14741.exe
      4⤵
      PID:14292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exe
      4⤵
      PID:17528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6763.exe
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe
        6⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48527.exe
        7⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        7⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        7⤵
        
        PID:17364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        6⤵
        
        PID:14076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
        6⤵
        
        PID:17108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
        5⤵
        
        PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
        5⤵
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
        5⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23081.exe
        5⤵
        
        PID:17580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
        5⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
        6⤵
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47475.exe
        6⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        6⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29813.exe
        5⤵
        
        PID:9672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        5⤵
        
        PID:14312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
        5⤵
        
        PID:17548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
      4⤵
      PID:7888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18402.exe
      4⤵
      PID:10360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
      4⤵
      PID:13452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
      4⤵
      PID:2060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
      4⤵
      PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49919.exe
        5⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15663.exe
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        6⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
        6⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52102.exe
        5⤵
        
        PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
        5⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        5⤵
        
        PID:17248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        5⤵
        
        PID:17572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
      4⤵
      PID:8168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
      4⤵
      PID:10572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
      4⤵
      PID:13868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
      4⤵
      PID:17540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64022.exe
    3⤵
    PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
      4⤵
      PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        5⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        5⤵
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        5⤵
        
        PID:9004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11836.exe
      4⤵
      PID:10596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
      4⤵
      PID:13720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11929.exe
      4⤵
      PID:17884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
    3⤵
    PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64479.exe
      4⤵
      PID:8332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
      4⤵
      PID:13940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
      4⤵
      PID:17036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
      4⤵
      PID:18344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
    3⤵
    PID:10324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4365.exe
    3⤵
    PID:14272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
    3⤵
    PID:17740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
    3⤵
    PID:10288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23148.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50396.exe
        7⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        8⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4069.exe
        8⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        8⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        8⤵
        
        PID:17900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22096.exe
        8⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44883.exe
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        7⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
        7⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36153.exe
        7⤵
        
        PID:116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42450.exe
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57068.exe
        7⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13205.exe
        7⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
        7⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        7⤵
        
        PID:18260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        7⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45837.exe
        6⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        6⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4876.exe
        6⤵
        
        PID:15768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14050.exe
        6⤵
        
        PID:18236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65034.exe
        6⤵
        
        PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2437.exe
        5⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
        6⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
        7⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        7⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        7⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53626.exe
        7⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
        6⤵
        
        PID:11528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
        6⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
        6⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
        6⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        6⤵
        
        PID:12880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        6⤵
        
        PID:16668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2889.exe
        6⤵
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53238.exe
        5⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48749.exe
        5⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23618.exe
        5⤵
        
        PID:16084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6088.exe
        5⤵
        
        PID:8028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1564.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
        5⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        7⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21567.exe
        8⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
        8⤵
        
        PID:18424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14837.exe
        7⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
        7⤵
        
        PID:15124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        7⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
        6⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55251.exe
        6⤵
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3289.exe
        6⤵
        
        PID:18280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        6⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23711.exe
        6⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 424
        7⤵
        Program crash
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28581.exe
        6⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
        6⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
        6⤵
        
        PID:18148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        6⤵
        
        PID:11132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17004.exe
        5⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        5⤵
        
        PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38618.exe
        5⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30770.exe
        5⤵
        
        PID:17892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28486.exe
      4⤵
      PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-702.exe
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        6⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47811.exe
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        7⤵
        
        PID:14360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
        7⤵
        
        PID:18076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        6⤵
        
        PID:14356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        6⤵
        
        PID:18120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
        5⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12044.exe
        5⤵
        
        PID:10732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7093.exe
        5⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9049.exe
        5⤵
        
        PID:18112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
      4⤵
      PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60799.exe
        5⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
        6⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
        5⤵
        
        PID:9596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exe
        5⤵
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        5⤵
        
        PID:17844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-549.exe
      4⤵
      PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
      4⤵
      PID:11700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17617.exe
      4⤵
      PID:15820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
      4⤵
      PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
      4⤵
      PID:7292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41503.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11214.exe
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
        7⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
        7⤵
        
        PID:14528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        7⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22105.exe
        6⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        6⤵
        
        PID:12548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        6⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-639.exe
        6⤵
        
        PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
        5⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        6⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
        7⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        7⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        7⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11337.exe
        7⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26834.exe
        6⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        6⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49987.exe
        6⤵
        
        PID:16472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        6⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27068.exe
        5⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49631.exe
        6⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
        6⤵
        
        PID:13856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
        6⤵
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        6⤵
        
        PID:8980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57862.exe
        5⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        5⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
        5⤵
        
        PID:17196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57590.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        6⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48262.exe
        6⤵
        
        PID:10456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60.exe
        6⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        6⤵
        
        PID:17660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        5⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18402.exe
        5⤵
        
        PID:11284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        5⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        5⤵
        
        PID:18180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54355.exe
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7182.exe
        5⤵
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28498.exe
        5⤵
        
        PID:12272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
        5⤵
        
        PID:15368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2546.exe
        5⤵
        
        PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
      4⤵
      PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
      4⤵
      PID:12512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25505.exe
      4⤵
      PID:15804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35181.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
        5⤵
        
        PID:5584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 632
        6⤵
        Program crash
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
        5⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56399.exe
        6⤵
        
        PID:9804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65126.exe
        6⤵
        
        PID:13348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
        6⤵
        
        PID:18368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        5⤵
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        5⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        5⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        5⤵
        
        PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
      4⤵
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38191.exe
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        6⤵
        
        PID:13924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        6⤵
        
        PID:17060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26533.exe
        5⤵
        
        PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        5⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        5⤵
        
        PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28988.exe
      4⤵
      PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20956.exe
        5⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        5⤵
        
        PID:12868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        5⤵
        
        PID:16736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
      4⤵
      PID:10852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
      4⤵
      PID:14628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15723.exe
      4⤵
      PID:18196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30863.exe
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9166.exe
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        6⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        6⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
        6⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        6⤵
        
        PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56310.exe
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59805.exe
        5⤵
        
        PID:10312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7394.exe
        5⤵
        
        PID:15408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        5⤵
        
        PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
      4⤵
      PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
        5⤵
        
        PID:16484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        5⤵
        
        PID:9296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
      4⤵
      PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
      4⤵
      PID:10652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
      4⤵
      PID:16156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
      4⤵
      PID:8120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
    3⤵
    PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
      4⤵
      PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        5⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        5⤵
        
        PID:16708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33077.exe
      4⤵
      PID:8748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37533.exe
      4⤵
      PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4325.exe
      4⤵
      PID:16680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51558.exe
    3⤵
    PID:7560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
      4⤵
      PID:11348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5365.exe
      4⤵
      PID:14480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3401.exe
      4⤵
      PID:18396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39167.exe
    3⤵
    PID:9300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10276.exe
    3⤵
    PID:13844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58426.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58426.exe
    3⤵
    PID:1048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
    3⤵
    PID:8384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22479.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35301.exe
        5⤵
        Executes dropped EXE
        
        PID:680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        7⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        7⤵
        
        PID:16716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35754.exe
        7⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15765.exe
        6⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51549.exe
        6⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48819.exe
        6⤵
        
        PID:16104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61197.exe
        6⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46432.exe
        6⤵
        
        PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        5⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        6⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3861.exe
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1484.exe
        5⤵
        
        PID:11860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
        5⤵
        
        PID:16496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        5⤵
        
        PID:9324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31935.exe
        8⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39218.exe
        8⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56506.exe
        8⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
        7⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exe
        7⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        7⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1925.exe
        6⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15614.exe
        7⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        7⤵
        
        PID:18184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
        6⤵
        
        PID:12060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
        6⤵
        
        PID:15308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19817.exe
        6⤵
        
        PID:17892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
        6⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65126.exe
        6⤵
        
        PID:13380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
        6⤵
        
        PID:17284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        6⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        5⤵
        
        PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        5⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        5⤵
        
        PID:18412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7436.exe
      4⤵
      PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16389.exe
      4⤵
      PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        5⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
        5⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
        5⤵
        
        PID:15132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15986.exe
        5⤵
        
        PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23612.exe
      4⤵
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        5⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57891.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exe
        5⤵
        
        PID:10020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20677.exe
      4⤵
      PID:11996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
      4⤵
      PID:14708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47825.exe
      4⤵
      PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
      4⤵
      PID:8280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9166.exe
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
        7⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        7⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe
        7⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        7⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
        7⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        6⤵
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64653.exe
        6⤵
        
        PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        6⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
        6⤵
        
        PID:14036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        6⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
        6⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        5⤵
        
        PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41078.exe
        5⤵
        
        PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        5⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44339.exe
        5⤵
        
        PID:8440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
      4⤵
      PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        5⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        6⤵
        
        PID:8760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12437.exe
        6⤵
        
        PID:11600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41418.exe
        6⤵
        
        PID:15728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        6⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5360.exe
        6⤵
        
        PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15765.exe
        5⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
        5⤵
        
        PID:11808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        5⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53210.exe
        5⤵
        
        PID:6860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1116.exe
      4⤵
      PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30639.exe
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        5⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        5⤵
        
        PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        5⤵
        
        PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62086.exe
      4⤵
      PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
      4⤵
      PID:13168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
      4⤵
      PID:16368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
      4⤵
      PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26207.exe
        6⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
        6⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58819.exe
        6⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        6⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
        5⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        5⤵
        
        PID:14188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60547.exe
        5⤵
        
        PID:17936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
      4⤵
      PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        5⤵
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        5⤵
        
        PID:16660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
      4⤵
      PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
      4⤵
      PID:17376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
      4⤵
      PID:10676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13301.exe
    3⤵
    PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
      4⤵
      PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        5⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        5⤵
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
        5⤵
        
        PID:16520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55537.exe
        5⤵
        
        PID:9892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
      4⤵
      PID:8996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
      4⤵
      PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
      4⤵
      PID:16124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
      4⤵
      PID:6228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39453.exe
    3⤵
    PID:6996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62179.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62179.exe
    3⤵
    PID:9624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
    3⤵
    PID:13372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
    3⤵
    PID:17292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3749.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3749.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28831.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64303.exe
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        6⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
        7⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        7⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60547.exe
        7⤵
        
        PID:17960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        6⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        6⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        6⤵
        
        PID:17264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6329.exe
        6⤵
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63964.exe
        6⤵
        
        PID:14444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
        6⤵
        
        PID:18016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15977.exe
        5⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        5⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        5⤵
        
        PID:17344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
        5⤵
        
        PID:8324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45123.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44396.exe
        6⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
        6⤵
        
        PID:12324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11049.exe
        6⤵
        
        PID:15528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43809.exe
        6⤵
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
        5⤵
        
        PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14953.exe
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        5⤵
        
        PID:15880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        5⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
        5⤵
        
        PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
      4⤵
      PID:1388
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 696
        5⤵
        Program crash
        
        PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
      4⤵
      PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
      4⤵
      PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
      4⤵
      PID:17316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54531.exe
      4⤵
      PID:8560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25109.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
      4⤵
      PID:5840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 636
        5⤵
        Program crash
        
        PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
      4⤵
      PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43641.exe
        5⤵
        
        PID:9012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe
      4⤵
      PID:10976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
      4⤵
      PID:14764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
      4⤵
      PID:18348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48189.exe
    3⤵
    PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
      4⤵
      PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30655.exe
        5⤵
        
        PID:9416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        5⤵
        
        PID:13536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
        5⤵
        
        PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
      4⤵
      PID:10636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
      4⤵
      PID:13840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45370.exe
      4⤵
      PID:17848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
      4⤵
      PID:9924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
    3⤵
    PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2366.exe
      4⤵
      PID:14564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe
      4⤵
      PID:17572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52605.exe
      4⤵
      PID:1172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
      4⤵
      PID:9940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38637.exe
    3⤵
    PID:9276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14741.exe
    3⤵
    PID:14284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55697.exe
    3⤵
    PID:18248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
      4⤵
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        5⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        5⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
        5⤵
        
        PID:15380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44185.exe
        5⤵
        
        PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22105.exe
      4⤵
      PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30252.exe
        5⤵
        
        PID:15964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12834.exe
        5⤵
        
        PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
      4⤵
      PID:7884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
      4⤵
      PID:15864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14050.exe
      4⤵
      PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9481.exe
      4⤵
      PID:5896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37826.exe
    3⤵
    PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
      4⤵
      PID:7952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48262.exe
      4⤵
      PID:10432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
      4⤵
      PID:14240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
      4⤵
      PID:17480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
    3⤵
    PID:7692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
    3⤵
    PID:10524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
    3⤵
    PID:15192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55939.exe
    3⤵
    PID:18012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
    3⤵
    PID:1284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
    3⤵
    PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34181.exe
        5⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        5⤵
        
        PID:392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
        5⤵
        
        PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
      4⤵
      PID:10620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
      4⤵
      PID:13712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
      4⤵
      PID:17584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
    3⤵
    PID:8176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
    3⤵
    PID:10560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
    3⤵
    PID:13696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11929.exe
    3⤵
    PID:17908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5561.exe
    3⤵
    PID:8532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32271.exe
  2⤵
  PID:5988
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 636
    3⤵
    - Program crash
    PID:7788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63813.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63813.exe
  2⤵
  PID:8148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46975.exe
    3⤵
    PID:8868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
    3⤵
    PID:13248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
    3⤵
    PID:15428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
    3⤵
    PID:15212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
  2⤵
  PID:9060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
  2⤵
  PID:13860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
  2⤵
  PID:3112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45690.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45690.exe
  2⤵
  PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5584 -ip 5584
1⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5988 -ip 5988
1⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5840 -ip 5840
1⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5216 -ip 5216
1⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 9780 -ip 9780
1⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 10072 -ip 10072
1⤵
PID:10288

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:8124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13008.exe

Filesize
184KB

MD5
7bcf997339f5b0e9f5730d4bd305665a

SHA1
7b1bd507e115bfb272f0ecd16d102277752e011e

SHA256
ea8ca24a5088a3e706afce065dbdf0dc690fcbb4148e25d9f2142000af04ec24

SHA512
87a54798046f7a594b4b1fb18235599ad120ce9ab6887c936b14d3d21652e45a5a13d7686edb0e1b2ecd3a37deadb9cc7d3129d374cfce350f12f4dbf12cb33b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17692.exe

Filesize
184KB

MD5
5381ec614a06d585ea8be2592ce25814

SHA1
c07f3db8ee387dcd8adcc147d45bd83e6554bc5d

SHA256
a430251891756a4f72387550da73d664544782058af9bd8fa38224281e39187f

SHA512
e9f379faaea7f373263dd88fc34237a93bad340d377e91e87aa83a4ddbf304aba28c62374e5737bdb11f9826ac66d762e506eeb782b596c1826e8b469059bfb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe

Filesize
184KB

MD5
46d4744e81fd4bd760c3603939c26127

SHA1
9ef9ad44bb9dc2ee72b66f746f956228e9b9f4b3

SHA256
547b41cf585a4631a40b1187113c8f902d475379c266bf3a903114ce1ae80b4a

SHA512
c9fd9e5a15afb27b050b6fca1dc5981d315d9c71b0e54f1e645fdcf733a88104669bc84b2271dec1b271e6d720b94abb41750a2cccb6e69e5355452683cb4ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe

Filesize
184KB

MD5
bb0171270648b3c8939cda7250fa5499

SHA1
1a04d68790e278579cc864ee4f7b4eccb7033dab

SHA256
144a5466586f1cc26b7746f433ca4f7932d082e494cc2d229ba9bd063fef0d67

SHA512
944785d79a30dd7d558b3580e073d32d49f32fb90b725aca182a81341e5852298cc15f927f367a4a97378efdd0e92c4115f36a3534b943c1f0c7729bb4690d41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe

Filesize
184KB

MD5
9305b3b438787f88328f1b7269c916aa

SHA1
1f10a5709f9deb7a308f254e6fc40335b07c002e

SHA256
a35df4964c5bb87c04e768ed0129fbb16ed4911ee855c225056fa5204ff5caaf

SHA512
bd789a16f617d8b92c7fc73cc2e7449b3765b54964f149ee69fbd945240e8f611c78d901bc4c1fd16e34b80066ccff6931d2e660ccbe7cd74a5e6135adbd62f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe

Filesize
184KB

MD5
236a36efbc9164d921f4169d4dc964ad

SHA1
f0e47d21a0484349a9066eda79d0a20163514650

SHA256
5ea1292b7f7f591b230e9a7599b4e4c182e9557b32750ff34bd1bf3518bdd3f5

SHA512
33056202571d2204b838f991056105ced11e6edb89bbba4effd66468d4501047c8580bad729e013ba5b7f29042d9a7b63facbf71a0bc50514d9f7a16c125fdce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe

Filesize
184KB

MD5
110a0c73740f2803716864a573fe3e3b

SHA1
ee761182c8495eefa359c5db2ee6a481bdd53e81

SHA256
81504c06298d1d9a4f3aab3ce2e0c9ebcb8b0f78ae362694ee71cc7473ccb808

SHA512
6272cde5f2fbd5a8fc32bea475c6e241d234223f8b954a117550c2b5639b47db8fe1159b1b09b9ee650f5f8d0f954a5723d745b26db74251edc43692a766a1e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22479.exe

Filesize
184KB

MD5
9f3df75743e5e0d14ff777f2d3308fb5

SHA1
58603ccd6646edee667ad4863bba0d57c99ce6c2

SHA256
a07ad180de9bee595f331322dcda410a25e2a8c3c8ab0e4bf4ff3466d49f683e

SHA512
42624012474353b9bc31f65ad91892db3ae0d16beb07c8a82c32c7fdebb09eccda7f6d9b5c906e46d93ca640d124d67767e58e78a4451fd7e6fcfe11773750dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23148.exe

Filesize
184KB

MD5
d1faf20132da01a4fa97b1d906c40b5f

SHA1
03055e6d4a218e1621fcbca55aa023504a97487a

SHA256
77b0fb1485a14198964be8a2fa4babaf66d282ba9e59467859bde9d2abf7785f

SHA512
0de29d59683855b2a42b3d4364ef4dd9d5532094af7b0cf99ff0eb0f3592a6f7faa9669f94beb1606fb95194a414075b9bae87b2ddf1137faba7dc2891487ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe

Filesize
184KB

MD5
aa1a0b735f46e56dd0d23a10f0a3c489

SHA1
4af502d0e8f02084b448881b631a62ecbf7136b5

SHA256
794d3662b6c990c76e22025b5ea0204405e049ef6745a686db170184f96d50e3

SHA512
e0cdd24821ede297318d1ba80f6c107d5fbda5329ffc35c20bca7b4a5fbf4b2852d461ba93c4a48cbf125f82648c77750fae9b333b4c502974d4b9cc453c8e94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3282.exe

Filesize
184KB

MD5
19ec2559b8b6a379fe9f23c4598d9882

SHA1
f4ecbd2a6dcf8ece5eebc4a415bd6cbfef2cdd0b

SHA256
9b2e40c6c8b35edf0566ad3b4744b2d8c8e44225feb07153787f3aaa83d3dd64

SHA512
de98e0d4a9a81fcca965bd170ce8505c7ada584ad3d7ef9b4af1dfb52372bf531d91d05372e34516020a9a4cb85c7d16694f7114db2ac78d9a46c703fd7887cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35181.exe

Filesize
184KB

MD5
e6605ecaa20e375ebe1f8ba286440985

SHA1
f8d493bce47af6c73415e84d3f1b8b562587b22f

SHA256
9588c789afbd5b59db8562c9acfb148d5d8bd99293476a2027440736c5e317ae

SHA512
7901081eb4b8d9239e62c6b8b478a5036b8103fc1f2d199dd4788f1bf4e1e8dbe7759adb38fc09d862d654f9b2add392a9bed83f895167dc70ad41119eac4eb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3749.exe

Filesize
184KB

MD5
93b92e5cb97d07e7777b065b2bc4fe32

SHA1
175755c8b400140324dfde7b298a55c8cb99e896

SHA256
d0cc43775563373d2a34f8433d8d55b489fbd16bd383ecbbc290554f8429b9ab

SHA512
970b31135136cbaf7d51f5e4807fba9e678de68eaa00ff78f17cbb07e471c359415c981750213c8aaca8853834d7e92c071286a906aa39132b15fa0724056542

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe

Filesize
184KB

MD5
45346b821d3770c7865cd21fd15dbb75

SHA1
b486b90fd5c067d336511a5d7214acffd98bb7de

SHA256
794da23a1febd427db79f4aff22c658e6f5f25cde1e649bc1a153de43b860079

SHA512
363d8b81d903fd506102560f66b71fa0fbce373004ab24401f32db9194f38f4553b57e2b8bbe60b95da2cc2ef3308f87f3d1b092b337de79f1218e1a49fab0fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41503.exe

Filesize
184KB

MD5
3e34202f7e15bcb4555830f28f656eda

SHA1
3faf9cb53843cbc6e8e3f736d2262378368ddb66

SHA256
c79ac15ad025970b91a08f701cecf71403ea44ef13777fe2dab497797fa51da8

SHA512
4180d3e1bff834c0356307fb731bccd6fb5b0b55dd05d5e68225ba3ead34a03f5113c6950239875eebdf0fc4326cae9c6212aca4ddf1363b5b43f736bd855765

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe

Filesize
184KB

MD5
716a950e39e745b85b09e5f5a45d788a

SHA1
7a1d770126fb357418a448473534005b1924e4d8

SHA256
eac45da49a930889c6e904f5c07f706ce9377add212812b37f037a6031885dab

SHA512
640bb29845b657a3f849c71c384b304f498d02e4e37ab2c571205cd5258eb68915f0f29af168b4505f41c7c643a9c8d91e384741898454cb5b6de7c4db6864b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe

Filesize
184KB

MD5
5d15095813ca9e23a2cff052b490291d

SHA1
37178aa1a12bfb7752852a9278b4ad659723ebbc

SHA256
33c3a8e05fc753848fa00dd6c8b21560e43751fe5b1de09000faebd1898e28d3

SHA512
08d10a9cea40789e0163aad7047e29bbb2cff711120c80796a9d640143cd94853179e7091d44d41a7abee5feabbbb5fd447f015293ff04302bdbeae1991ff32f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe

Filesize
184KB

MD5
8d69dda565181f52a523b9999a323295

SHA1
3bc93b67c29a05a861e04e52844a3ea56445b910

SHA256
bae6645e919da2560f53f30f3d0b29dabec491d8a8000ba18944169f481cf0a5

SHA512
1218b04538acbf180d492ed59cfcc35cce035f08ab646a2ed61e7eacd606ab568e1bca5096893f03c6209e69f0be0db1b7aa972f4333046ea96a11a9ab314303

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe

Filesize
184KB

MD5
fa77f24c383cb3ad59a9ecc3cc159d21

SHA1
80a14320cef2a396c92e59880bc798c6f6551331

SHA256
3033f30e4b649b9a66165183898b3ca85bb59d6019bd3413da55d26d5a4b1106

SHA512
1b7a10439dfb57b8e7c41b6d104418a11fa68c6d56d261282be55688e7a7acb60a717dee507503c65da766e31ba0472f2e8e71c602490ad32a3901f8718d757f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe

Filesize
184KB

MD5
1d782622674bd6e474b1299182072687

SHA1
a1cae62d2eb28381dbdb45696b869aa97de29a5a

SHA256
15823d98b0407bf2d7c07e9da583db6f28b4ca357d3fecd385254d5a25db6f6e

SHA512
1824b4b2ad1ae10d7672076e1ff7cad4020e7d6cd58fcaefc2c847eb79918699b6e6e8bdd31258ceabd93769c2dc9bbc298ee200e42e6995bef02ff0e158b9c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50690.exe

Filesize
184KB

MD5
6508231da50938f46ed2b64e127eae9e

SHA1
a19d8af86dff947d45bbdf21b053a21ab97ecfdd

SHA256
3eedfce5f70e4ef388086358fff4980482343542b79aee0a7d2a74ec6e1513da

SHA512
d2532efc6e4edc8a451642dad9878a3883d2207cbaf2ee5f3bcf6d857ffb2feba0bb3b8d751c7c24f7b33062a9d4a1ad886ef848cb946e4ac5c377a0bf3b7fe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe

Filesize
184KB

MD5
7230e4057cca64660cedd7171fe36663

SHA1
2ad3343be632db913033d8c0af45fe2f8dbcc6e4

SHA256
90f7516ca1ede166720243ebb40de75ec0ac020864ea5a818d9b776f54cdd52e

SHA512
46b013e9dfce26a25076637d675424d9c4551025a373328b0b78790ed5c8882ad38e3f3ee732844421068f2ae3f0598c2f2c109a4755a5a5ef46e3c3925f8029

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe

Filesize
184KB

MD5
1bc8f67b0f37c3ba3462598b136bfc0a

SHA1
bb088f024a3fd3660f17aaef8920523a7bdb285d

SHA256
d7bd5030a0c4a7d0888d7e8b6103c24dee4be628a599980d30d45277966f6e13

SHA512
2e9fae712892b6ee83fa6cf1dc1eec04095633c40771de67c043c9018b78b493ff4f17d2e8aa39cf2b3b66faf1f336b26df72f55b148645e7e3b2357ddb321f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe

Filesize
184KB

MD5
e4ebda2dfec01aa447bdaea18990a1c9

SHA1
d993a21a7bed38cd0512f592bfd1e103105ae1f6

SHA256
84943384e9659f402776378d420e5950da9c9f2cb3afd1aecd7ff18bc174fe4c

SHA512
249aaff1cf4937ff51075a5953070424d363ca1415e884a9dc30ee4fbbf4c3535978a54202b02d556eef7f52bbef849ba00391bf0cfd7c06778cb4eb177220df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54575.exe

Filesize
184KB

MD5
5a186448fa13e23f963a2ea295d4207f

SHA1
e6a1b03da76314e8f07939095df8aa8c18a8d084

SHA256
291d6eabdaf25a6a83cb864521323b1158177a7de55e312a0c32bf5498a9477f

SHA512
b20345df7041a1b45fc24e717237e070814c54eaf366655a7f68cd83828ef4d783177af70484bacd4b74f25f3d85f1ed41c2ebe536bfae99c4ad7db5700d52f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe

Filesize
184KB

MD5
b79ccc85d02aad03c3a4824caf3f1ab5

SHA1
0475201fdddc3faaebbf2b5dc0a4bfa58cc7c111

SHA256
5c6c1ec91256010df80105ee6342ec36f6f7c29d977d1f395c4c4ab6088a7070

SHA512
b93e9ce183de333e8717de6144dbb5c6d0e503ad4f7246d4161071558d34825ee9319b26da46ab8b0133d9cef21225784434f47e7e31e37630f93fee90ff9a15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe

Filesize
184KB

MD5
62e8f72a2e670ec90305c46933f58ed7

SHA1
3ac1919406aad1c7015a6ba861a150461d2965e8

SHA256
ca1022de22863ff2b15e62d2ca0e12e6d4a8f4010e8778b52a6b3772d563e628

SHA512
12f29c6f6751e15600055ac12a438afff0756e5f54f0c707ac20ec32018d04f7950b5ffb29ed212e4e3f1a9e8cb20b131445005d1dee2f24541a13fabdf387fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe

Filesize
184KB

MD5
fbcadf9108f4168fe53fe794cc9ecdb5

SHA1
db7a713c7f9e60a1438b1be636dd61b968b29fb2

SHA256
b358e927f950dc2c5ff5a5918e11f00116534511cded744dcf5956c34cdeaa3d

SHA512
9d1fa0fd7bae1c81e25975f6d5c62a54798895930176a38abac5dfa4e3766ebf711d81f748bfa9d16641c6174e29f45353e9caa0f8aa975b2e0c7f7e1f664eaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe

Filesize
184KB

MD5
9e83fab932c43cd64871342ce1b2324c

SHA1
a37f079471403647ca0ade296f8b1f5271a75e38

SHA256
77e7859fd7ff179b1dcc46293c17151cdf001ed1b469ffc2d6dbf4737681d72e

SHA512
652d954139b7056ddef2b124d59f99aef3783d3c9bab1e14897dbedb5aacb081bfa29e3b9d5689559b603d404a81e9c92fa2b09cac52899d8909d7736a3a9ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe

Filesize
184KB

MD5
cee52e3830fa20e8ff5a6a2577fd8b47

SHA1
f0f1fcfabdb433e3d6a7842bd2c9199ae8d1a856

SHA256
170ddb6c70cba0e61e1943f151fd5e2c69446933428309b11fafae9da22a8af2

SHA512
a4350256055830fab5181ca1e288edec59d2fcc9932b0a24ba8c6146589fbcba892f8a0a16014f36c5062236f8d5317926a869ad6b6fba2d71d5b7387106babb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe

Filesize
184KB

MD5
5d3960d692290e685084713e684ecb5e

SHA1
7a6d58f74aa5ff6c10136f01cd7f3e9f7e3cffbb

SHA256
913cbce3a39f2757da18f830cf44a4676b4727c79a41e844105d12fa03562e1b

SHA512
23743e50dfd76cadfe093bf03868ad07d8116009020eaf4df05d9a9255ce275ee00a073dabb791db300ada4a69151a407f6325b2b0e16e5c4ae487700cff3d08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe

Filesize
184KB

MD5
2557780016136bc29c1d5fce51104328

SHA1
f01a3504b4aa99bdf2aec9387b73a8de04bd2067

SHA256
e7693eadcb11e6783be086c710fe2aba572ce393767fbdfd9e315cf9bbe74c90

SHA512
44918df3de00687a882e911edbe4e1f5e36263bb8a1e6ee3ff07202c56de8218ebcaee5ab50aebdc26a3e9a2a27c3d923d1a9cc78d05e57cd87e33863e8f9e96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe

Filesize
184KB

MD5
8cb8abfb1fbf215b76af14153ef353f4

SHA1
77f0219819f66da13998c539949385b882039655

SHA256
ae9eea4b8152788ab8752d253a62b7076b06f844bc13f865b8e507fe3c328b82

SHA512
301587ee1f80e590e664169db16d63907dd16894fbae45b3380eb0f72e6e8a0fa31b02fde2456035c07af4322cb868892a7b22f1e3d5d163febc8bfafca9094b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8446.exe

Filesize
184KB

MD5
7eb348667198ef25eb9ccb42235ab781

SHA1
84eb3b4508ce769fe6ae31848445dc54e5124baa

SHA256
f6254b080d8249c3b330e6fca76067a89472b748808c166aef0bcfdb729555ef

SHA512
e10c8189fd3f5d883765f9ed7190c25b96a17f43f597f816e51940a10d5ada50d1cf7337c6315b6c64454dd6f66efb7cd5785483db4b8df7f5ea62d8cf170048

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8830.exe

Filesize
184KB

MD5
a0468f9535fffc32fd77e0522f45d23c

SHA1
467164965e6a5c3a359ef8b8072d3f6c27a5cfdd

SHA256
e1723b0341697c3ed6af334d9623d894a768477218b5334a5e2151219011e1d0

SHA512
e2013f994f0d343065c81cfe4a778537d9730362208cf91edf243684242b33e06082143bc29279315060086cd3c31b446ecf7fa9778f063be479b719f2ef1396

Download Submit
memory/3536-3901-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5216-1212-0x0000000002BD0000-0x0000000002BE0000-memory.dmp

Filesize
64KB

Download
memory/5216-1056-0x0000000002A40000-0x0000000002A50000-memory.dmp

Filesize
64KB

Download
memory/5216-1155-0x0000000002B40000-0x0000000002B50000-memory.dmp

Filesize
64KB

Download
memory/5216-1172-0x0000000002B70000-0x0000000002B80000-memory.dmp

Filesize
64KB

Download
memory/5216-1177-0x0000000002B90000-0x0000000002BA0000-memory.dmp

Filesize
64KB

Download
memory/5216-1207-0x0000000002BB0000-0x0000000002BC0000-memory.dmp

Filesize
64KB

Download
memory/5216-1213-0x0000000002BE0000-0x0000000002BF0000-memory.dmp

Filesize
64KB

Download
memory/5216-1214-0x0000000002BF0000-0x0000000002C00000-memory.dmp

Filesize
64KB

Download
memory/5216-1058-0x0000000002A60000-0x0000000002A70000-memory.dmp

Filesize
64KB

Download
memory/5216-1217-0x0000000002C10000-0x0000000002C20000-memory.dmp

Filesize
64KB

Download
memory/5216-1216-0x0000000002C00000-0x0000000002C10000-memory.dmp

Filesize
64KB

Download
memory/5216-1211-0x0000000002BC0000-0x0000000002BD0000-memory.dmp

Filesize
64KB

Download
memory/5216-1187-0x0000000002BA0000-0x0000000002BB0000-memory.dmp

Filesize
64KB

Download
memory/5216-1176-0x0000000002B80000-0x0000000002B90000-memory.dmp

Filesize
64KB

Download
memory/5216-1170-0x0000000002B60000-0x0000000002B70000-memory.dmp

Filesize
64KB

Download
memory/5216-1162-0x0000000002B50000-0x0000000002B60000-memory.dmp

Filesize
64KB

Download
memory/5216-1141-0x0000000002B30000-0x0000000002B40000-memory.dmp

Filesize
64KB

Download
memory/5216-1139-0x0000000002B20000-0x0000000002B30000-memory.dmp

Filesize
64KB

Download
memory/5216-1108-0x0000000002B00000-0x0000000002B10000-memory.dmp

Filesize
64KB

Download
memory/5216-1102-0x0000000002AE0000-0x0000000002AF0000-memory.dmp

Filesize
64KB

Download
memory/5216-1101-0x0000000002AD0000-0x0000000002AE0000-memory.dmp

Filesize
64KB

Download
memory/5216-1107-0x0000000002AF0000-0x0000000002B00000-memory.dmp

Filesize
64KB

Download
memory/5216-1097-0x0000000002AC0000-0x0000000002AD0000-memory.dmp

Filesize
64KB

Download
memory/5216-1080-0x0000000002AA0000-0x0000000002AB0000-memory.dmp

Filesize
64KB

Download
memory/5216-1079-0x0000000002A90000-0x0000000002AA0000-memory.dmp

Filesize
64KB

Download
memory/5216-1078-0x0000000002A80000-0x0000000002A90000-memory.dmp

Filesize
64KB

Download
memory/5216-1077-0x0000000002A70000-0x0000000002A80000-memory.dmp

Filesize
64KB

Download
memory/5216-1138-0x0000000002B10000-0x0000000002B20000-memory.dmp

Filesize
64KB

Download
memory/5216-1020-0x0000000002A30000-0x0000000002A40000-memory.dmp

Filesize
64KB

Download
memory/5216-1019-0x0000000002A20000-0x0000000002A30000-memory.dmp

Filesize
64KB

Download
memory/5216-1013-0x0000000002190000-0x00000000021A0000-memory.dmp

Filesize
64KB

Download
memory/5216-1012-0x0000000002180000-0x0000000002190000-memory.dmp

Filesize
64KB

Download
memory/5216-1018-0x00000000021C0000-0x00000000021D0000-memory.dmp

Filesize
64KB

Download
memory/5216-1017-0x00000000021B0000-0x00000000021C0000-memory.dmp

Filesize
64KB

Download
memory/5216-1006-0x0000000002140000-0x0000000002150000-memory.dmp

Filesize
64KB

Download
memory/5216-1005-0x0000000002130000-0x0000000002140000-memory.dmp

Filesize
64KB

Download
memory/5216-1004-0x0000000002120000-0x0000000002130000-memory.dmp

Filesize
64KB

Download
memory/5216-1003-0x0000000002110000-0x0000000002120000-memory.dmp

Filesize
64KB

Download
memory/5216-1002-0x0000000002100000-0x0000000002110000-memory.dmp

Filesize
64KB

Download
memory/5216-1001-0x00000000020F0000-0x0000000002100000-memory.dmp

Filesize
64KB

Download
memory/5216-1000-0x00000000020E0000-0x00000000020F0000-memory.dmp

Filesize
64KB

Download
memory/5216-999-0x00000000020D0000-0x00000000020E0000-memory.dmp

Filesize
64KB

Download
memory/5216-998-0x00000000020C0000-0x00000000020D0000-memory.dmp

Filesize
64KB

Download
memory/5216-997-0x00000000020B0000-0x00000000020C0000-memory.dmp

Filesize
64KB

Download
memory/5216-996-0x00000000020A0000-0x00000000020B0000-memory.dmp

Filesize
64KB

Download
memory/5216-995-0x00000000005E0000-0x00000000005F0000-memory.dmp

Filesize
64KB

Download
memory/5216-994-0x00000000005D0000-0x00000000005E0000-memory.dmp

Filesize
64KB

Download
memory/5216-992-0x00000000005B0000-0x00000000005C0000-memory.dmp

Filesize
64KB

Download
memory/5216-991-0x00000000005A0000-0x00000000005B0000-memory.dmp

Filesize
64KB

Download
memory/5216-1007-0x0000000002150000-0x0000000002160000-memory.dmp

Filesize
64KB

Download
memory/5216-993-0x00000000005C0000-0x00000000005D0000-memory.dmp

Filesize
64KB

Download
memory/5216-1081-0x0000000002AB0000-0x0000000002AC0000-memory.dmp

Filesize
64KB

Download
memory/5216-1016-0x00000000021A0000-0x00000000021B0000-memory.dmp

Filesize
64KB

Download
memory/5216-1008-0x0000000002170000-0x0000000002180000-memory.dmp

Filesize
64KB

Download
memory/9716-3843-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads