cba33025b04fa24f493c71bdee1f685e893874f11f6e94eae7116497f817784b

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

275505e9a4d1447ab1c05a7ef8865740_NeikiAnalytics.exe
Size

184KB
MD5

275505e9a4d1447ab1c05a7ef8865740
SHA1

72fab793a9978a519056ff4fcc99ad42f59cc0e1
SHA256

cba33025b04fa24f493c71bdee1f685e893874f11f6e94eae7116497f817784b
SHA512

23d1befc28748c40500afa3e97746a6d2c3022cd409d41b42429eea59d88d2a487db5513112604fc1410c439285e2cd6ead8ecba291d19c46d42009f1714991f
SSDEEP

3072:ZmR9Ukon1jrYd4DZkiCniuNzHlvnqnxiua:Zm3oxE4D6iezHlPqnxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3424	Unicorn-26692.exe
4392	Unicorn-9875.exe
3448	Unicorn-44364.exe
1988	Unicorn-31573.exe
2484	Unicorn-23082.exe
2264	Unicorn-42948.exe
2816	Unicorn-41971.exe
868	Unicorn-29124.exe
4396	Unicorn-34277.exe
4792	Unicorn-44675.exe
2364	Unicorn-50540.exe
1716	Unicorn-30939.exe
1532	Unicorn-30939.exe
2968	Unicorn-11339.exe
1672	Unicorn-11339.exe
1384	Unicorn-15829.exe
856	Unicorn-40202.exe
2524	Unicorn-33940.exe
1132	Unicorn-30602.exe
1608	Unicorn-55621.exe
3228	Unicorn-39285.exe
1648	Unicorn-5844.exe
2876	Unicorn-5844.exe
3540	Unicorn-32770.exe
1840	Unicorn-32770.exe
4848	Unicorn-29970.exe
2244	Unicorn-38636.exe
2340	Unicorn-18149.exe
376	Unicorn-18149.exe
3904	Unicorn-44883.exe
4760	Unicorn-44883.exe
1028	Unicorn-2004.exe
1624	Unicorn-45211.exe
4744	Unicorn-26709.exe
4448	Unicorn-64818.exe
1508	Unicorn-10180.exe
3316	Unicorn-33786.exe
1752	Unicorn-58997.exe
4332	Unicorn-58997.exe
3048	Unicorn-20404.exe
3608	Unicorn-52483.exe
940	Unicorn-38747.exe
2216	Unicorn-58613.exe
460	Unicorn-58613.exe
2892	Unicorn-30490.exe
4728	Unicorn-24907.exe
3532	Unicorn-44773.exe
4408	Unicorn-57772.exe
2204	Unicorn-2842.exe
1400	Unicorn-22708.exe
2476	Unicorn-27861.exe
3156	Unicorn-39236.exe
2316	Unicorn-44124.exe
2680	Unicorn-63170.exe
4924	Unicorn-11451.exe
432	Unicorn-4420.exe
3828	Unicorn-15027.exe
4340	Unicorn-28026.exe
2064	Unicorn-28026.exe
4148	Unicorn-31291.exe
4592	Unicorn-36444.exe
2564	Unicorn-49812.exe
2052	Unicorn-46475.exe
4232	Unicorn-49428.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
7040	1412	WerFault.exe	177
6256	5036	WerFault.exe	176
7040	4112	WerFault.exe	187
8832	1964	WerFault.exe	167
9648	1964	WerFault.exe	167
18424	6476	WerFault.exe	266
4636	6104	WerFault.exe	237
8136	6032	WerFault.exe	1044
10300	18536	Process not Found	1129

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
11444	Process not Found
18532	Process not Found
7152	Process not Found
3272	Process not Found
3436	Process not Found
4088	Process not Found
8912	Process not Found
17440	Process not Found
8136	Process not Found
1760	Process not Found
9544	Process not Found
18528	Process not Found
9556	Process not Found
5500	Process not Found
12220	Process not Found
12248	Process not Found
12084	Process not Found
12096	Process not Found
12136	Process not Found
12140	Process not Found
12148	Process not Found
12152	Process not Found
12076	Process not Found
6080	Process not Found
12236	Process not Found
17384	Process not Found
19092	Process not Found
10376	Process not Found
11612	Process not Found
9848	Process not Found
9516	Process not Found
12324	Process not Found
4808	Process not Found
12332	Process not Found
12336	Process not Found
4260	Process not Found
12344	Process not Found
12348	Process not Found
12244	Process not Found
18752	Process not Found
12360	Process not Found
12364	Process not Found
4068	Process not Found
4104	Process not Found
4144	Process not Found
4092	Process not Found
4264	Process not Found
4248	Process not Found
4292	Process not Found
4320	Process not Found
4368	Process not Found
4084	Process not Found
4436	Process not Found
4128	Process not Found
4516	Process not Found
4416	Process not Found
9624	Process not Found
12520	Process not Found
12652	Process not Found
12668	Process not Found
12684	Process not Found
12688	Process not Found
12720	Process not Found
12724	Process not Found

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	18752	Process not Found
Token: SeChangeNotifyPrivilege	18752	Process not Found
Token: 33	18752	Process not Found
Token: SeIncBasePriorityPrivilege	18752	Process not Found
Token: SeCreateGlobalPrivilege	8924	Process not Found
Token: SeChangeNotifyPrivilege	8924	Process not Found
Token: 33	8924	Process not Found
Token: SeIncBasePriorityPrivilege	8924	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4900	275505e9a4d1447ab1c05a7ef8865740_NeikiAnalytics.exe
3424	Unicorn-26692.exe
4392	Unicorn-9875.exe
3448	Unicorn-44364.exe
1988	Unicorn-31573.exe
2484	Unicorn-23082.exe
2264	Unicorn-42948.exe
2816	Unicorn-41971.exe
868	Unicorn-29124.exe
4396	Unicorn-34277.exe
2364	Unicorn-50540.exe
4792	Unicorn-44675.exe
1532	Unicorn-30939.exe
1716	Unicorn-30939.exe
1672	Unicorn-11339.exe
2968	Unicorn-11339.exe
1384	Unicorn-15829.exe
856	Unicorn-40202.exe
2524	Unicorn-33940.exe
2876	Unicorn-5844.exe
1132	Unicorn-30602.exe
1648	Unicorn-5844.exe
1608	Unicorn-55621.exe
3228	Unicorn-39285.exe
4848	Unicorn-29970.exe
2244	Unicorn-38636.exe
3540	Unicorn-32770.exe
1840	Unicorn-32770.exe
376	Unicorn-18149.exe
2340	Unicorn-18149.exe
3904	Unicorn-44883.exe
4760	Unicorn-44883.exe
1028	Unicorn-2004.exe
1624	Unicorn-45211.exe
4744	Unicorn-26709.exe
4448	Unicorn-64818.exe
1508	Unicorn-10180.exe
3316	Unicorn-33786.exe
4332	Unicorn-58997.exe
1752	Unicorn-58997.exe
3048	Unicorn-20404.exe
2216	Unicorn-58613.exe
940	Unicorn-38747.exe
3608	Unicorn-52483.exe
460	Unicorn-58613.exe
4728	Unicorn-24907.exe
2892	Unicorn-30490.exe
4408	Unicorn-57772.exe
3156	Unicorn-39236.exe
2204	Unicorn-2842.exe
2476	Unicorn-27861.exe
1400	Unicorn-22708.exe
3532	Unicorn-44773.exe
4924	Unicorn-11451.exe
2680	Unicorn-63170.exe
2316	Unicorn-44124.exe
3828	Unicorn-15027.exe
2064	Unicorn-28026.exe
4340	Unicorn-28026.exe
432	Unicorn-4420.exe
4148	Unicorn-31291.exe
4592	Unicorn-36444.exe
4232	Unicorn-49428.exe
1744	Unicorn-59826.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 3424	4900	275505e9a4d1447ab1c05a7ef8865740_NeikiAnalytics.exe	85
PID 4900 wrote to memory of 3424	4900	275505e9a4d1447ab1c05a7ef8865740_NeikiAnalytics.exe	85
PID 4900 wrote to memory of 3424	4900	275505e9a4d1447ab1c05a7ef8865740_NeikiAnalytics.exe	85
PID 3424 wrote to memory of 4392	3424	Unicorn-26692.exe	86
PID 3424 wrote to memory of 4392	3424	Unicorn-26692.exe	86
PID 3424 wrote to memory of 4392	3424	Unicorn-26692.exe	86
PID 4900 wrote to memory of 3448	4900	275505e9a4d1447ab1c05a7ef8865740_NeikiAnalytics.exe	87
PID 4900 wrote to memory of 3448	4900	275505e9a4d1447ab1c05a7ef8865740_NeikiAnalytics.exe	87
PID 4900 wrote to memory of 3448	4900	275505e9a4d1447ab1c05a7ef8865740_NeikiAnalytics.exe	87
PID 4392 wrote to memory of 1988	4392	Unicorn-9875.exe	88
PID 4392 wrote to memory of 1988	4392	Unicorn-9875.exe	88
PID 4392 wrote to memory of 1988	4392	Unicorn-9875.exe	88
PID 3424 wrote to memory of 2484	3424	Unicorn-26692.exe	89
PID 3424 wrote to memory of 2484	3424	Unicorn-26692.exe	89
PID 3424 wrote to memory of 2484	3424	Unicorn-26692.exe	89
PID 3448 wrote to memory of 2264	3448	Unicorn-44364.exe	90
PID 3448 wrote to memory of 2264	3448	Unicorn-44364.exe	90
PID 3448 wrote to memory of 2264	3448	Unicorn-44364.exe	90
PID 4900 wrote to memory of 2816	4900	275505e9a4d1447ab1c05a7ef8865740_NeikiAnalytics.exe	91
PID 4900 wrote to memory of 2816	4900	275505e9a4d1447ab1c05a7ef8865740_NeikiAnalytics.exe	91
PID 4900 wrote to memory of 2816	4900	275505e9a4d1447ab1c05a7ef8865740_NeikiAnalytics.exe	91
PID 2484 wrote to memory of 868	2484	Unicorn-23082.exe	92
PID 2484 wrote to memory of 868	2484	Unicorn-23082.exe	92
PID 2484 wrote to memory of 868	2484	Unicorn-23082.exe	92
PID 2264 wrote to memory of 4396	2264	Unicorn-42948.exe	93
PID 2264 wrote to memory of 4396	2264	Unicorn-42948.exe	93
PID 2264 wrote to memory of 4396	2264	Unicorn-42948.exe	93
PID 3424 wrote to memory of 4792	3424	Unicorn-26692.exe	94
PID 3424 wrote to memory of 4792	3424	Unicorn-26692.exe	94
PID 3424 wrote to memory of 4792	3424	Unicorn-26692.exe	94
PID 4900 wrote to memory of 2364	4900	275505e9a4d1447ab1c05a7ef8865740_NeikiAnalytics.exe	96
PID 4900 wrote to memory of 2364	4900	275505e9a4d1447ab1c05a7ef8865740_NeikiAnalytics.exe	96
PID 4900 wrote to memory of 2364	4900	275505e9a4d1447ab1c05a7ef8865740_NeikiAnalytics.exe	96
PID 4392 wrote to memory of 1716	4392	Unicorn-9875.exe	95
PID 4392 wrote to memory of 1716	4392	Unicorn-9875.exe	95
PID 4392 wrote to memory of 1716	4392	Unicorn-9875.exe	95
PID 3448 wrote to memory of 1532	3448	Unicorn-44364.exe	97
PID 3448 wrote to memory of 1532	3448	Unicorn-44364.exe	97
PID 3448 wrote to memory of 1532	3448	Unicorn-44364.exe	97
PID 1988 wrote to memory of 1672	1988	Unicorn-31573.exe	98
PID 1988 wrote to memory of 1672	1988	Unicorn-31573.exe	98
PID 1988 wrote to memory of 1672	1988	Unicorn-31573.exe	98
PID 2816 wrote to memory of 2968	2816	Unicorn-41971.exe	99
PID 2816 wrote to memory of 2968	2816	Unicorn-41971.exe	99
PID 2816 wrote to memory of 2968	2816	Unicorn-41971.exe	99
PID 868 wrote to memory of 1384	868	Unicorn-29124.exe	100
PID 868 wrote to memory of 1384	868	Unicorn-29124.exe	100
PID 868 wrote to memory of 1384	868	Unicorn-29124.exe	100
PID 2484 wrote to memory of 856	2484	Unicorn-23082.exe	101
PID 2484 wrote to memory of 856	2484	Unicorn-23082.exe	101
PID 2484 wrote to memory of 856	2484	Unicorn-23082.exe	101
PID 4396 wrote to memory of 2524	4396	Unicorn-34277.exe	102
PID 4396 wrote to memory of 2524	4396	Unicorn-34277.exe	102
PID 4396 wrote to memory of 2524	4396	Unicorn-34277.exe	102
PID 2264 wrote to memory of 1132	2264	Unicorn-42948.exe	103
PID 2264 wrote to memory of 1132	2264	Unicorn-42948.exe	103
PID 2264 wrote to memory of 1132	2264	Unicorn-42948.exe	103
PID 1716 wrote to memory of 1608	1716	Unicorn-30939.exe	104
PID 1716 wrote to memory of 1608	1716	Unicorn-30939.exe	104
PID 1716 wrote to memory of 1608	1716	Unicorn-30939.exe	104
PID 2364 wrote to memory of 3228	2364	Unicorn-50540.exe	105
PID 2364 wrote to memory of 3228	2364	Unicorn-50540.exe	105
PID 2364 wrote to memory of 3228	2364	Unicorn-50540.exe	105
PID 1532 wrote to memory of 1648	1532	Unicorn-30939.exe	106

C:\Users\Admin\AppData\Local\Temp\275505e9a4d1447ab1c05a7ef8865740_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\275505e9a4d1447ab1c05a7ef8865740_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26692.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26692.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        8⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
        8⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        8⤵
        
        PID:15908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37645.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
        7⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        7⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
        7⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        7⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe
        7⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        8⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
        8⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17108.exe
        8⤵
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        8⤵
        
        PID:17180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55550.exe
        7⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31359.exe
        7⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        7⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
        7⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
        6⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59858.exe
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        7⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        7⤵
        
        PID:16564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        7⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
        6⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4088.exe
        6⤵
        
        PID:14412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37735.exe
        6⤵
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44883.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15027.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7366.exe
        8⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        8⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        8⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57193.exe
        8⤵
        
        PID:16436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5684.exe
        7⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38581.exe
        7⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
        7⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        7⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49980.exe
        7⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56636.exe
        6⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        7⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        8⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13229.exe
        8⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        8⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        8⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32312.exe
        7⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        7⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
        7⤵
        
        PID:17032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        7⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
        6⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30297.exe
        6⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        6⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36482.exe
        6⤵
        
        PID:17772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17991.exe
        6⤵
        
        PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31291.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
        6⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7361.exe
        7⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10696.exe
        7⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
        7⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2621.exe
        7⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        7⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        6⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        6⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
        6⤵
        
        PID:14152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
        6⤵
        
        PID:17960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
        6⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44738.exe
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
        6⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
        6⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        6⤵
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
        6⤵
        
        PID:18232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5352.exe
        5⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29090.exe
        5⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        5⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
        5⤵
        
        PID:16592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59858.exe
        8⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        8⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        8⤵
        
        PID:16544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12463.exe
        8⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
        7⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
        7⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        7⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
        7⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15738.exe
        6⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        8⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        8⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        8⤵
        
        PID:16756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        7⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
        7⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21812.exe
        7⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
        7⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49251.exe
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
        7⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
        7⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        7⤵
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        6⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48504.exe
        6⤵
        
        PID:15580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
        6⤵
        
        PID:17948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
        6⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27716.exe
        6⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63682.exe
        8⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        8⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63029.exe
        8⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        8⤵
        
        PID:17608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
        7⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
        7⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54670.exe
        7⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        7⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56402.exe
        7⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
        7⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24905.exe
        7⤵
        
        PID:17264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        7⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48549.exe
        6⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        6⤵
        
        PID:11480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        6⤵
        
        PID:15560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2333.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
        6⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
        5⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
        6⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48242.exe
        7⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
        7⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
        7⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        6⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
        6⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7519.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        6⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        6⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        6⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        6⤵
        
        PID:16572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
        6⤵
        
        PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        5⤵
        
        PID:8600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11080.exe
        5⤵
        
        PID:12608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        5⤵
        
        PID:15892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
        5⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
        5⤵
        
        PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32770.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16341.exe
        6⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30581.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-849.exe
        8⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52254.exe
        8⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        8⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39454.exe
        8⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        8⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
        7⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16580.exe
        7⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
        7⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        7⤵
        
        PID:17768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
        6⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
        6⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36665.exe
        6⤵
        
        PID:12432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        6⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34119.exe
        6⤵
        
        PID:17064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20315.exe
        5⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exe
        7⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
        7⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17108.exe
        7⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        7⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
        6⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
        6⤵
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58542.exe
        6⤵
        
        PID:17056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        6⤵
        
        PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30697.exe
        5⤵
        
        PID:11620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        5⤵
        
        PID:4180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        5⤵
        
        PID:17904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
        5⤵
        
        PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1971.exe
        5⤵
        
        PID:1412
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 720
        6⤵
        Program crash
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        5⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
        6⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        6⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4973.exe
        6⤵
        
        PID:7204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        5⤵
        
        PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
        5⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exe
        5⤵
        
        PID:13776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        5⤵
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
        5⤵
        
        PID:6392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        5⤵
        
        PID:15256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38216.exe
      4⤵
      PID:7228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29090.exe
      4⤵
      PID:11168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
      4⤵
      PID:14084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
      4⤵
      PID:17400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
      4⤵
      PID:18220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15829.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        7⤵
        Executes dropped EXE
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43253.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        9⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        10⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44558.exe
        10⤵
        
        PID:12776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22095.exe
        10⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37645.exe
        10⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        9⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        9⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
        9⤵
        
        PID:17024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        9⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37293.exe
        8⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31359.exe
        8⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43321.exe
        8⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37204.exe
        8⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41643.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        8⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
        8⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
        8⤵
        
        PID:17100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30063.exe
        7⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5631.exe
        7⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11240.exe
        7⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        6⤵
        Executes dropped EXE
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
        7⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
        8⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11572.exe
        8⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44857.exe
        8⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        8⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
        7⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31359.exe
        7⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
        7⤵
        
        PID:14164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        7⤵
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
        7⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        7⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41720.exe
        7⤵
        
        PID:18308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
        6⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24532.exe
        6⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19656.exe
        6⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
        6⤵
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49428.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        7⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46004.exe
        8⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32834.exe
        9⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21389.exe
        9⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39224.exe
        8⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40416.exe
        8⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        8⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
        8⤵
        
        PID:18316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
        7⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
        8⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        7⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        7⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
        7⤵
        
        PID:16932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        7⤵
        
        PID:18340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8779.exe
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
        8⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
        7⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37557.exe
        7⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45838.exe
        7⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59264.exe
        7⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56521.exe
        7⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
        7⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8927.exe
        6⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60229.exe
        6⤵
        
        PID:14136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57945.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        6⤵
        
        PID:10344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29413.exe
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-849.exe
        7⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28797.exe
        7⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        7⤵
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        7⤵
        
        PID:16892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        6⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
        6⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54670.exe
        6⤵
        
        PID:14368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
        6⤵
        
        PID:18184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
        6⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54526.exe
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6612.exe
        6⤵
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
        6⤵
        
        PID:17212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
        6⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
        5⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        5⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53634.exe
        5⤵
        
        PID:14340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
        5⤵
        
        PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26709.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39781.exe
        6⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        7⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
        8⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
        8⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
        8⤵
        
        PID:16500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38584.exe
        8⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        7⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18116.exe
        7⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        7⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
        7⤵
        
        PID:17752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        6⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3750.exe
        7⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        7⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        7⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64549.exe
        7⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
        6⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13784.exe
        6⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
        6⤵
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        6⤵
        
        PID:17808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
        5⤵
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        6⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        7⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        7⤵
        
        PID:15056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10892.exe
        7⤵
        
        PID:10236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20765.exe
        6⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48464.exe
        6⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        6⤵
        
        PID:13320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37204.exe
        6⤵
        
        PID:992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45011.exe
        5⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        6⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
        6⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        6⤵
        
        PID:15228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1181.exe
        6⤵
        
        PID:18364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56894.exe
        5⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28559.exe
        5⤵
        
        PID:11200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43693.exe
        5⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9473.exe
        5⤵
        
        PID:532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe
        5⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
        7⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
        7⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        7⤵
        
        PID:16664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
        7⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48809.exe
        6⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43093.exe
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14296.exe
        6⤵
        
        PID:14708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        6⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        6⤵
        
        PID:14836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6360.exe
        6⤵
        
        PID:428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
        5⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        5⤵
        
        PID:10768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8788.exe
        5⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        5⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
        5⤵
        
        PID:464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24763.exe
      4⤵
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        5⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        6⤵
        
        PID:15924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        6⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        6⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
        5⤵
        
        PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        5⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
        5⤵
        
        PID:15032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
        5⤵
        
        PID:18392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
        5⤵
        
        PID:17952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58210.exe
      4⤵
      PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55145.exe
      4⤵
      PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26994.exe
      4⤵
      PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44039.exe
      4⤵
      PID:15552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58069.exe
      4⤵
      PID:18076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53702.exe
      4⤵
      PID:17508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
        6⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48692.exe
        7⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
        7⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40416.exe
        7⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        7⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        7⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47360.exe
        6⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54334.exe
        6⤵
        
        PID:10476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
        6⤵
        
        PID:14248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24125.exe
        6⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48167.exe
        6⤵
        
        PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        5⤵
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30228.exe
        6⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        7⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        7⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        7⤵
        
        PID:17996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63246.exe
        6⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
        6⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
        6⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
        6⤵
        
        PID:17872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        5⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34290.exe
        6⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53193.exe
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48729.exe
        6⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        6⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        5⤵
        
        PID:12000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
        5⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
        5⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        5⤵
        
        PID:7080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        5⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57524.exe
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        7⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        7⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        7⤵
        
        PID:16676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        7⤵
        
        PID:212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49061.exe
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
        6⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
        6⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57111.exe
        6⤵
        
        PID:11528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
        6⤵
        
        PID:15156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38752.exe
        6⤵
        
        PID:17784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
        6⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        5⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2264.exe
        5⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        5⤵
        
        PID:15596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2333.exe
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        5⤵
        
        PID:7444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29473.exe
      4⤵
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7643.exe
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42549.exe
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58158.exe
        6⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        5⤵
        
        PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
        5⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
        5⤵
        
        PID:15884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
      4⤵
      PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21432.exe
        5⤵
        
        PID:15452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
        5⤵
        
        PID:17952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
      4⤵
      PID:8452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11464.exe
      4⤵
      PID:12416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
      4⤵
      PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49149.exe
      4⤵
      PID:10320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38636.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27861.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        5⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39739.exe
        6⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        6⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26292.exe
        6⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41208.exe
        6⤵
        
        PID:17044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        6⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34970.exe
        5⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        6⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50800.exe
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        6⤵
        
        PID:17080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        6⤵
        
        PID:17948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51621.exe
        5⤵
        
        PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
        5⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
        5⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        5⤵
        
        PID:18324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        5⤵
        
        PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
      4⤵
      PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
        5⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
        5⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        5⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
        5⤵
        
        PID:17284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        5⤵
        
        PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34500.exe
      4⤵
      PID:7172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54329.exe
      4⤵
      PID:11020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
      4⤵
      PID:14016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57945.exe
      4⤵
      PID:16600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
      4⤵
      PID:5036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 632
        5⤵
        Program crash
        
        PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4621.exe
      4⤵
      PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31359.exe
      4⤵
      PID:11136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16783.exe
      4⤵
      PID:14020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
      4⤵
      PID:18036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28586.exe
    3⤵
    PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
      4⤵
      PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
      4⤵
      PID:14316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
      4⤵
      PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
      4⤵
      PID:18356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64327.exe
    3⤵
    PID:7292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7559.exe
    3⤵
    PID:11176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
    3⤵
    PID:14124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
    3⤵
    PID:17280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34277.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33940.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10180.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
        7⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
        9⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63639.exe
        10⤵
        
        PID:11000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56393.exe
        10⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11743.exe
        10⤵
        
        PID:17416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
        10⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
        9⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        9⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
        9⤵
        
        PID:17296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        9⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        8⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        8⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        8⤵
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15789.exe
        8⤵
        
        PID:17176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1483.exe
        7⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40631.exe
        8⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60302.exe
        8⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        8⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
        8⤵
        
        PID:16988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
        7⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        7⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
        7⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        7⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
        7⤵
        
        PID:16508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        6⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        7⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
        8⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        8⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        8⤵
        
        PID:16696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
        8⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        7⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        7⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60944.exe
        7⤵
        
        PID:17972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10273.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
        7⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        7⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
        7⤵
        
        PID:16408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
        7⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        6⤵
        
        PID:8952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        6⤵
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
        6⤵
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53013.exe
        6⤵
        
        PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33786.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        6⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        7⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        8⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
        8⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61001.exe
        8⤵
        
        PID:14500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
        8⤵
        
        PID:18212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
        8⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        7⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        7⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15789.exe
        7⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
        6⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        7⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        7⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63029.exe
        7⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        7⤵
        
        PID:18368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
        6⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        6⤵
        
        PID:10752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41269.exe
        6⤵
        
        PID:12200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39656.exe
        6⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32855.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10892.exe
        6⤵
        
        PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40579.exe
        5⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55988.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-849.exe
        7⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
        7⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50478.exe
        7⤵
        
        PID:17252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        7⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59406.exe
        6⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        6⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
        6⤵
        
        PID:15108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27119.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        6⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        6⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        6⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        6⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11304.exe
        6⤵
        
        PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
        5⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26072.exe
        5⤵
        
        PID:11368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        5⤵
        
        PID:15536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4967.exe
        5⤵
        
        PID:18192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38568.exe
        5⤵
        
        PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        6⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        7⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        8⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        8⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        8⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1181.exe
        8⤵
        
        PID:18348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        7⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        7⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
        7⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
        7⤵
        
        PID:18028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32427.exe
        6⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        7⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        7⤵
        
        PID:12984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        7⤵
        
        PID:15936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49570.exe
        7⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
        7⤵
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13256.exe
        6⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25487.exe
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        6⤵
        
        PID:14748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61474.exe
        6⤵
        
        PID:18020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61244.exe
        5⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
        7⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
        7⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
        7⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31561.exe
        7⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        6⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        6⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        6⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60944.exe
        6⤵
        
        PID:18060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
        5⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        6⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        6⤵
        
        PID:12816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        6⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55781.exe
        6⤵
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
        5⤵
        
        PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59136.exe
        5⤵
        
        PID:11644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
        5⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        5⤵
        
        PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
        5⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41799.exe
        7⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        7⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
        7⤵
        
        PID:16424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        7⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
        6⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
        6⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
        6⤵
        
        PID:17604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        6⤵
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51584.exe
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4006.exe
        6⤵
        
        PID:13960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
        6⤵
        
        PID:16552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53950.exe
        5⤵
        
        PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50901.exe
        5⤵
        
        PID:13340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
        5⤵
        
        PID:16948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        5⤵
        
        PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe
      4⤵
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        5⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17453.exe
        5⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        5⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6360.exe
        5⤵
        
        PID:16984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
        5⤵
        
        PID:10784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63797.exe
      4⤵
      PID:7392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12024.exe
      4⤵
      PID:11184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60759.exe
      4⤵
      PID:14052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
      4⤵
      PID:17228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
      4⤵
      PID:8148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20404.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        6⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
        7⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        8⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11309.exe
        8⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        8⤵
        
        PID:16720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44168.exe
        8⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63246.exe
        7⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
        7⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63518.exe
        7⤵
        
        PID:15164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
        7⤵
        
        PID:17760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        6⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26194.exe
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        8⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        8⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
        8⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32637.exe
        8⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50416.exe
        7⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53934.exe
        7⤵
        
        PID:16628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44168.exe
        7⤵
        
        PID:17808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
        6⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        6⤵
        
        PID:10716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        6⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        6⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23425.exe
        6⤵
        
        PID:16636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17991.exe
        6⤵
        
        PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48690.exe
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        6⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        6⤵
        
        PID:12992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        6⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
        6⤵
        
        PID:16744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
        5⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29085.exe
        5⤵
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37735.exe
        5⤵
        
        PID:16708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
        5⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36423.exe
        7⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        7⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        7⤵
        
        PID:16604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        7⤵
        
        PID:17988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
        6⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16580.exe
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
        6⤵
        
        PID:14496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7519.exe
        6⤵
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50215.exe
        6⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4536.exe
        6⤵
        
        PID:16516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
        6⤵
        
        PID:18392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
        5⤵
        
        PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36665.exe
        5⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50816.exe
        5⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        5⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        5⤵
        
        PID:17980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
      4⤵
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39079.exe
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3270.exe
        6⤵
        
        PID:16656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26120.exe
        6⤵
        
        PID:15784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-141.exe
        5⤵
        
        PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        5⤵
        
        PID:14116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57193.exe
        5⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        5⤵
        
        PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe
      4⤵
      PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24532.exe
      4⤵
      PID:11092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60990.exe
      4⤵
      PID:14588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25719.exe
      4⤵
      PID:18196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
      4⤵
      PID:7060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32770.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19489.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
        6⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
        6⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        5⤵
        
        PID:8632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        5⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        5⤵
        
        PID:17988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36651.exe
      4⤵
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        5⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38210.exe
        6⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60974.exe
        6⤵
        
        PID:18276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16173.exe
        5⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        5⤵
        
        PID:12732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        5⤵
        
        PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
      4⤵
      PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
      4⤵
      PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
      4⤵
      PID:10724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
      4⤵
      PID:14716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28306.exe
      4⤵
      PID:5108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44124.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
      4⤵
      PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59858.exe
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        6⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        6⤵
        
        PID:16640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21508.exe
        6⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        5⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
        5⤵
        
        PID:11764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        5⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        5⤵
        
        PID:6032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 408
        6⤵
        Program crash
        
        PID:8136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56268.exe
      4⤵
      PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
        5⤵
        
        PID:11472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        5⤵
        
        PID:15020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38752.exe
        5⤵
        
        PID:17832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
        5⤵
        
        PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
      4⤵
      PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
      4⤵
      PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
      4⤵
      PID:15404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6839.exe
      4⤵
      PID:6724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
    3⤵
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48692.exe
      4⤵
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
        5⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
        5⤵
        
        PID:17796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41792.exe
        5⤵
        
        PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
      4⤵
      PID:9892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40416.exe
      4⤵
      PID:13132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
      4⤵
      PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
      4⤵
      PID:1104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37453.exe
    3⤵
    PID:1756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46199.exe
    3⤵
    PID:10120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37767.exe
    3⤵
    PID:14216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14325.exe
    3⤵
    PID:16388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25501.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25501.exe
    3⤵
    PID:5744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4420.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26341.exe
        6⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35781.exe
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33522.exe
        8⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3416.exe
        8⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        8⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        8⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21160.exe
        7⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        7⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        7⤵
        
        PID:18380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24392.exe
        6⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
        7⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        7⤵
        
        PID:14228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43461.exe
        7⤵
        
        PID:17388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        7⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37029.exe
        6⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        6⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        6⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65079.exe
        6⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
        5⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        6⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        6⤵
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        6⤵
        
        PID:15492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49570.exe
        6⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
        6⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24687.exe
        5⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
        5⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60229.exe
        5⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57945.exe
        5⤵
        
        PID:16784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
        5⤵
        
        PID:7924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10964.exe
        5⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
        6⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
        6⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        6⤵
        
        PID:14168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
        6⤵
        
        PID:17304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        6⤵
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60729.exe
        5⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27332.exe
        5⤵
        
        PID:11032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe
        5⤵
        
        PID:14580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
        5⤵
        
        PID:18204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32161.exe
      4⤵
      PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
        5⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29255.exe
        6⤵
        
        PID:12660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58329.exe
        6⤵
        
        PID:16316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
        5⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        5⤵
        
        PID:14192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
        5⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        5⤵
        
        PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
      4⤵
      PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28559.exe
      4⤵
      PID:11240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
      4⤵
      PID:13740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39943.exe
      4⤵
      PID:18008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44883.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44883.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
      4⤵
      PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8899.exe
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
        6⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        6⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
        6⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19085.exe
        6⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        6⤵
        
        PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30521.exe
        5⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        5⤵
        
        PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
        5⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        5⤵
        
        PID:12528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
        5⤵
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        5⤵
        
        PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15960.exe
      4⤵
      PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
      4⤵
      PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
      4⤵
      PID:15736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
      4⤵
      PID:6556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36444.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
      4⤵
      PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14305.exe
        5⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59550.exe
        5⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        5⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34633.exe
        5⤵
        
        PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
      4⤵
      PID:8312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
      4⤵
      PID:11416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41584.exe
      4⤵
      PID:15192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15789.exe
      4⤵
      PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
      4⤵
      PID:6596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61650.exe
    3⤵
    PID:5388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
    3⤵
    PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59858.exe
      4⤵
      PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
      4⤵
      PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
      4⤵
      PID:16648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
      4⤵
      PID:1108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8022.exe
    3⤵
    PID:8608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
    3⤵
    PID:11960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16400.exe
    3⤵
    PID:948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62270.exe
    3⤵
    PID:18048
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
        5⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62293.exe
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16055.exe
        7⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42440.exe
        7⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12495.exe
        7⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
        7⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 652
        7⤵
        Program crash
        
        PID:4636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 720
        6⤵
        Program crash
        
        PID:8832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 720
        6⤵
        Program crash
        
        PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56491.exe
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
        6⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12543.exe
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        6⤵
        
        PID:15652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        6⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        6⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39504.exe
        5⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
        5⤵
        
        PID:10624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        5⤵
        
        PID:15628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
        5⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
        5⤵
        
        PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
      4⤵
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
        5⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        5⤵
        
        PID:11744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        5⤵
        
        PID:13504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60944.exe
        5⤵
        
        PID:18052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22456.exe
        5⤵
        
        PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
      4⤵
      PID:8572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
      4⤵
      PID:11768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
      4⤵
      PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8049.exe
      4⤵
      PID:4756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50933.exe
      4⤵
      PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
        6⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
        6⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44168.exe
        6⤵
        
        PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
        5⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30799.exe
        5⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
        5⤵
        
        PID:15716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
        5⤵
        
        PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
      4⤵
      PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37200.exe
      4⤵
      PID:9780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30521.exe
      4⤵
      PID:12704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
      4⤵
      PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
      4⤵
      PID:5732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36739.exe
    3⤵
    PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
      4⤵
      PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30205.exe
      4⤵
      PID:9600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
      4⤵
      PID:13276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
      4⤵
      PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36735.exe
      4⤵
      PID:972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46861.exe
      4⤵
      PID:17520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
    3⤵
    PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
      4⤵
      PID:9164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
      4⤵
      PID:12964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17108.exe
      4⤵
      PID:15464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
      4⤵
      PID:6036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34228.exe
    3⤵
    PID:8748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49725.exe
    3⤵
    PID:12676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45799.exe
    3⤵
    PID:16556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
    3⤵
    PID:7096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29970.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29970.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8276.exe
      4⤵
      PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39739.exe
        5⤵
        
        PID:6476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 712
        6⤵
        Program crash
        
        PID:18424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        5⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
        5⤵
        
        PID:12632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
        5⤵
        
        PID:15916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24135.exe
        5⤵
        
        PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
      4⤵
      PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
      4⤵
      PID:9392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47616.exe
      4⤵
      PID:12700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28733.exe
      4⤵
      PID:16584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
      4⤵
      PID:6152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34186.exe
    3⤵
    PID:4112
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 636
      4⤵
      Program crash
      PID:7040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
    3⤵
    PID:7796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
    3⤵
    PID:10996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11988.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11988.exe
    3⤵
    PID:14596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
    3⤵
    PID:4464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8826.exe
    3⤵
    PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62919.exe
      4⤵
      PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
      4⤵
      PID:10272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
      4⤵
      PID:14332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
      4⤵
      PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
      4⤵
      PID:17744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
    3⤵
    PID:7836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
    3⤵
    PID:11128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11988.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11988.exe
    3⤵
    PID:14604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23622.exe
    3⤵
    PID:18172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27204.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27204.exe
  2⤵
  PID:4944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16741.exe
    3⤵
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41154.exe
      4⤵
      PID:11332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56606.exe
      4⤵
      PID:14508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35125.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40558.exe
      4⤵
      PID:8052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
    3⤵
    PID:8852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
    3⤵
    PID:11544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8168.exe
    3⤵
    PID:15620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25967.exe
    3⤵
    PID:17936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37209.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37209.exe
  2⤵
  PID:6288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27191.exe
    3⤵
    PID:9140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
    3⤵
    PID:12956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17108.exe
    3⤵
    PID:15744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
    3⤵
    PID:2208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45344.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45344.exe
  2⤵
  PID:9072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe
  2⤵
  PID:11752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15169.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15169.exe
  2⤵
  PID:15568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23432.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23432.exe
  2⤵
  PID:5228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
  2⤵
  PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1412 -ip 1412
1⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4112 -ip 4112
1⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5036 -ip 5036
1⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1964 -ip 1964
1⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1964 -ip 1964
1⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6476 -ip 6476
1⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 6104 -ip 6104
1⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 6032 -ip 6032
1⤵
PID:18428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe

Filesize
184KB

MD5
fcff0e33d222d567458a98ad338a7f43

SHA1
3fd9e09f624611e4ac5dfd09676884f5ea3106c7

SHA256
0aa6d0c7563a2b1695b6db890ff389a1b9f5989847829a79df23b235eae23793

SHA512
1f767271db9fe4be42ea526224b9184b38ca93aaaf055843bd7bcfc341b7dc760cd1947fc691ec775491fd9d9c8c76cf125ae35feda96af0acdb5153e3430678

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15829.exe

Filesize
184KB

MD5
02ce60ce989b34ff590a1ee5d14554f5

SHA1
cd1ea4e33558152a5ac34a0ab5ce2f59a72510ae

SHA256
a4a722c1c515c412845e8694e1d8c636b98da8e9963453f073996a98db3f3664

SHA512
fbbd0b2f5a5d3f12378002bbe1149e74053daf394bc1cc36640501814d9906f8b99b5603197a9e5ac94d529c6a5f22c7ee68423d50aa48a9617e8b6b65283bd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe

Filesize
184KB

MD5
d12fcddcaec535e098ac81fb59f7f109

SHA1
bcc4fb23a452e006277adbbdacc0ebb375cbc9eb

SHA256
a2611026b80d7ec37ec5f8badd8aebb8ee85e209826d4b94455ad9d2c4f6694d

SHA512
be4fb43c8e1be7b1e0954a7a97d0933f7d5efb8dc1bebc01de1c6686f60078b7fee051b7cbd9218e7cca18ec1d678de9c13cfb810368106dcb05718ee924b599

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe

Filesize
184KB

MD5
f068d24bee40316a990511cffb3b6f1a

SHA1
8e9734cb3cf0b976c327a83655328039314d726f

SHA256
5a5d6bbb3240b2b774e406a1d08028c3857ed3345abd2f028dad1a5b6a721b80

SHA512
a12a42061f2fbcd17f4606294eeee3e82be0a3d31e2842ac7c97d57f58276d14563abb7724d6616d090e55d615f6a32a049f66277b6c7e1771c6806d4ca8d82e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe

Filesize
184KB

MD5
9b4e5205727701fcf98dc3a849fb9aad

SHA1
a6b056d8f76146f7ca24d9dfe8ce7d0fd71c5a17

SHA256
9040e80c1757582fcfbf5c5232476a65bc9bacf84583a05e6aec262d3335c2bf

SHA512
37ca1f0f8a977ac70f904573f838d56453c0987586c4d11e94f8587f7749df1188d3dc6f10c8c81e1aff5c057d4efc061af82a4d2860e1b7344c060321bfabeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26692.exe

Filesize
184KB

MD5
1c453868a4491f48c1ff1310bde8de06

SHA1
463367547cb44f6d37c5a840c3bad3dad8a5aea8

SHA256
a9e8c209fa9724bd8e6bc4e3339821a431ec7fbb4d9537a46db9068e8d8fbd0e

SHA512
f7af45924af8a8ea7ab4821f936dc333f920333e97a9335c60aebab50866e3d3fbd412e5d57222830f0fd4a17eee769172bc5ede4f57cdbcea19379c37602750

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26709.exe

Filesize
184KB

MD5
c7d8d72b7ca10fb034e8fdf32963b5be

SHA1
fef08f2f28ccbffc5b5788dfd1a0c920fb7cf133

SHA256
122d4f78cd908b30e4f40923568a42d361edc47fe32727635b6dc932494a89f5

SHA512
1e77aaeba3a006f75427c64ac4ce375451b489db9327c153584df48eb66b3a3578bf7bc3c2092a46a84eba94f477fa812a570addc8b16d368e283c6221339e9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe

Filesize
184KB

MD5
3dca7624f886f9ff7a2b12e32e80779a

SHA1
19ffc35d3b7650229335f953f988886bc6b93018

SHA256
3af6c03d70ab809bec9fed76b8c7245fe1977f95437ab32d984f5ff142b032bc

SHA512
6d2f90bd8d7ffc08e1df8b61141192044a2317aad6b4988f77e8ec1513f92ebea49c8e99accdd17fdb2f37aef31feab7062a348772237490ce315a8285f943af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29970.exe

Filesize
184KB

MD5
2d73320a56180d728eb1651727169e7a

SHA1
e0c24001affc6491a8ac01f8000c8816aff4848c

SHA256
96911af351332b86a0af478316a6ed7b6d6de1e8f701b28da30f8c1091fe900b

SHA512
970b2e2c3d4366d7529193e65fdc5d56ea9cbf9ca742e9a1fd1dcb2c1280364e75b35d99ec88b57ed1a25f5872ade207cf10e5a4384aaca7d0749e0fb4eea149

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe

Filesize
184KB

MD5
1640701781c919043c066ea8c8896071

SHA1
9bb4534e8a6985984d77689913b62b08ce7e71cb

SHA256
8c4eb54f7858778f4c65ebe7257ad4e608c92439cd0d025577eff05d24eed4cd

SHA512
fceb279b185732990a2c9320fb371a742e86868d2e4bf44e234b99044aac26bd42823a47b1bcd0bb09b6bd2eadfc2be6c036fe7d4ce4403bef0b3a07087fcf22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe

Filesize
184KB

MD5
6c18ac96f67de57ebcd91a6c58945a5a

SHA1
0089e1c77020f82a4159ee4aea6091acf1c14bc5

SHA256
fd384fb1f2d7b259cf6f8f54bc9678f88abb283ebe4fa33f79e3800b06edb411

SHA512
e63c00388822def3cc74c974c64f22fca8e260270c384f8662fa60002cfc38dc10bc1c6c85a25945ba64e29ae51ffdef6cb9246bff44031f2cd563d8a5a36db0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe

Filesize
184KB

MD5
23c89225e20228f89b62dc2ce17aaa5f

SHA1
f9ee9105f6fc809632e6421c549f0f02c32d1af6

SHA256
3ca52905a4661aa72fd41ed8df0f936a438e63a6612893873829bcf1b7bc4cae

SHA512
36d4c50a9745852c09499134c70923f8cca2e0c0d669c7d1f196cb9742bcc6ebe567d08ed7d6c0f34d92ff587ac5c642931f519caea9f3a1c316d03a84d222b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32770.exe

Filesize
184KB

MD5
32fa071180b09fdbc2411a6b12eae968

SHA1
c88b4357725fc3589032152460c2fac0b0711268

SHA256
0ebbc1f76b025cbf59b22a0993552ed23197d9ba558e32f3f5c5b23e25fd2847

SHA512
2aa3de1c2634925bec982d555b7d13e1199858ee264d33ba43d149876e3cff5f6440750615b5d3928e9cafa8e0cb329a34e4eb5641bbeebb331447850fbaa493

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33940.exe

Filesize
184KB

MD5
335c67df915360e76a77bdc7dba88a24

SHA1
9d14b95cf75428481cad1654fbde983c251ce225

SHA256
3168b3562091ffa764607c857b73d487b6db987f1b37fa080f38771638674abe

SHA512
221db33ab6682b742fd87e4f4cef8c44ae85e8a672daa214ee53862fcbbdf799a6bcdbd2cfa7277eed217d28272c764d9c61cad849798f2d05f6e72b0d3bbe8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34277.exe

Filesize
184KB

MD5
be205bfe87087ed058fd5a18120a6564

SHA1
61d83a1f9c52c8f53fa5f20a63c1ae06803a58d0

SHA256
be9005f146e90ca9210ba4681a83ca664321659e6b9ed71f318b6d7aff4ddf83

SHA512
f237f16f4af38a970c07d836bf9a55c8397f2065698b4d4df85f2eda078edd2e5556342dede340dc89d7387c53e938d221915aba657cef6f2883afa798c4f242

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38636.exe

Filesize
184KB

MD5
a09ae8e6ca4d6e902db64191dbd93739

SHA1
6ad4eaef609671531f75bb5762985f3d9313d472

SHA256
fd229551ca176d7fbd18a15ddd7f1b79157fcd2e7e982d162b11c23347eced06

SHA512
ea8315f870d7c8e3a23d40c43ff63ce9ff87255ac094828c82b1bcf6379eee8ba1eae9b57da5e1ffc72e7fbf69ecce30f084ca3b6f803378d4ff2d01365f249e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe

Filesize
184KB

MD5
0c9d14657ead62c4e021e428ad628052

SHA1
4bc4562e1b75f2fa70b19d37095db939c07a30f1

SHA256
f1d663b2b8b8c42b7eaa16ce0ae01aa528d928fdec3b7964e19ad406d8925661

SHA512
2502033ebe3a54e48b82bb50e825f44204c145f6fa28b412063bfe44ce4b0a5a17d3bc1e4bd0f38a0cc0595c50c2311963ccba92933b078a67974ffce361a8ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39781.exe

Filesize
184KB

MD5
6bacf68f940382a6c145de9315161dcd

SHA1
2c94ae72a02e469ddc376e2fbf2e828a31f24593

SHA256
77086c3f605b4543e82c757c116a7b88c86500c20a3eaa99e533e6002ee097c6

SHA512
306a9ee5645d03bff6f01f482323f9917582fff50d2d099c9b98c65bb73c0b2e8e564ebe8bbc7d22ecbf7fdcbf4f6cbc0c9a7eb443655d223c3811636566b7fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe

Filesize
184KB

MD5
41208ec45aefceb5ac7de40931b2e386

SHA1
4a255ad7dab8995078dc12706825fe39b6a81768

SHA256
fb047584e2285da70207d65b88fa486f627218bd81a5e14d4148e4dd771972eb

SHA512
d92e3d4a28ed95a7b324c2b615e82ae66a302996e8ce5e3657319568c25299f5fd431fc489676a995e784b0d7442201cc511a80def7542199362f759a5a92bcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe

Filesize
184KB

MD5
6182b911bc289a150b04a9711689cfb7

SHA1
083256a83ba2875523ffdbfdf824d10321b4f538

SHA256
3ab1d44a8b82f0bd99067ea0e3cdd06a26f7afb460d9e655466263c12709e9e4

SHA512
a2fd15692fdaf8e601b904c081e0a8ef078006afb069353cd7642c115c71ceb9d5731f1eae74761dd115d2ac7fb1b591a8c97d4f004bce5924c8ba10c2316c9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe

Filesize
184KB

MD5
1cd6fb98e935ee59101e805629ce43b0

SHA1
d6b037b7b11da7371ad391d305521bcd34a87f3e

SHA256
f8451c99e25e47ef9d8d1b3f5f61c2f2c4546b24dd7cdbf5991169d9494ec1c8

SHA512
a4f31c82c5ac178a971952a0ad0d84d5362ee34177442bd4b68494da5dbea1b60442466a1438b31889b3e9ee24cc52fd5208908922c448f5dbb9ee46fe9c5762

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe

Filesize
184KB

MD5
d594cf83bce3c3cc7650788af165972e

SHA1
609f8fcabe15827ad9692802f990acc23ecd4477

SHA256
ccad58f232dc29121673b43e45730c637e5694d9312beaf5bd2399ace8df0d4c

SHA512
9e2c9a2113b3cbf37f9decad9e742d323e7a1c2281d0076ba41d2aec646a2145ddf1cb9787d676757c036c9b4afeac8bc37069e79cfdd2d8555e50e1c2089813

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe

Filesize
184KB

MD5
5f360bf5d83bc36bbe56b5c432eb0157

SHA1
88cb10c67742d07350dc8653b4e22a8ff8323b7c

SHA256
6fe45986ad6abc3faa468f15d15425039cdc6739120c4e468c3f594fa139dc30

SHA512
82c37fd2e1b5f4247e85c01474fac9dce21b9741a552bbcb37ae579bc246c575aaab1a75181d4085a526739b8be1deca57cd270bd89048ccf5774bdc650e949e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44883.exe

Filesize
184KB

MD5
df7003f6f5f299120adabc73f910b0bb

SHA1
42f24d46de5ef0bda036a4c2a701a0f29e26798b

SHA256
2f8d801db4e89bf11a418243ad2067c5326cb41204f08507613ed168143e3367

SHA512
b7e00065c19a93c925017a5f4efa75fae4bdbb0aed56a49be1dd513097f555589f40b4b2e3d7d348d694cc424a8f444419e30d682a43ad4c1b36adc6c23564ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe

Filesize
184KB

MD5
f972ee91974e2adaf7f768aa0540c907

SHA1
f7ae5f0d10a123cc21bd45a86e2bae06935350d6

SHA256
32fb7d91b1bcc04be8b3c21c096cdd659169c56de92badb643e548f20ef61ee6

SHA512
1d5fa63406455ac6d8ba5bc7893ae562829d613f3c606bab8a40d1cd183d8a96c5457452a0fdd8b5aeb33f0a2989f0c55b19db238d830acdf42db3ad138fc430

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48809.exe

Filesize
184KB

MD5
695227d76024f322f0b6d2c3c76c1e00

SHA1
41f1826dc97e7641b0719206ff3e1e4d852952d4

SHA256
1a7f72ce1b72726b97723376f8544c37814ddd7a2407b194009db37c43498e97

SHA512
8de12204c44ac13d0ef552c5b5f74fb0e7ee4581ea53f6565ba77d9d60be869026ec5f1d252c8f6df6767cf905d84205cc2da813f46b776f65d28ffbd10b9090

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe

Filesize
184KB

MD5
538955f7debd1c9c5f9c176fc268416c

SHA1
0a30a5a3bef2f45a7058da5aef6a26531c6cda8f

SHA256
19b03a6c45183a3e74ee9fffad71f82c03663f03ed7c47883d52cbf5aaf5ca1b

SHA512
2621bd4cdfa5cc845b059ac13dec218c85b1a7fd314956beb2c36d29e1ada3862b312abe30b37fcdcef0c7801eb0d960d8cde93af017ae89a6b281016c68350a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe

Filesize
184KB

MD5
513aabe09f1afc4d8351a03244b6a927

SHA1
1679f848398bddb6a9e022fa9269674a4f4111e2

SHA256
471d2c47ffe5a5ad63c5c7eacba69b94c1d7edae67123a79e3f703cb0672f0f7

SHA512
9588a397530c894b87abf24d8258fbec82d15a8af38e9b37cc799adb438f8ea223987000ca2d358ce601f17fc6727992ce3ed828e0524d99c7386bc79ee5087c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe

Filesize
184KB

MD5
c81d5dda72873b602c7dbee736487b65

SHA1
f4ef80a51f2a5c563b3c7587822bf0c0126a2e49

SHA256
2cc40faa854db51bd191a0d3a3e8185a7a1fcdb4a6140ee6f97148ecb087f998

SHA512
b55f34766ef0dc43a689a1520478fece58ba9c59d428e2c325fb3b5cb1ea37611568af03b9a3d080971e3864d14a215e037fa121ab3d5065f1294baa55f50f0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe

Filesize
184KB

MD5
5921952a598301cab818907eb8dac712

SHA1
758719f2d2243d503976394c1f7f2dbd6e01991b

SHA256
21576012d61dc1f60b198031df267442ac0a6aa9b93a81100f7aed16ab13e42f

SHA512
aa8d1e51d5053c89636b91dcd32b94d385f45619b0e64181e842184270ecde2c14fc66075d7ce44a15d36ac6c03d366d9437486010b451b6029f9ce5a0db7e33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe

Filesize
184KB

MD5
400fe4fdbffde6a2a19a5f6c9f874e47

SHA1
0d8af820304eeb6a730e822774ada2aaa6100ced

SHA256
0509562cda28e21cbb330a213963382b020620060fa9155d08934747da22f1c6

SHA512
8da4b57531740580a0b309ee318d6ceaebbefd3baaeda8855e61f5aa0bbcdaedd04d23c365e618b4c9c111c629bc58e4f465fd85363e33916586845c9f8b4e0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe

Filesize
184KB

MD5
be2b44807fdc117578e547ff50132d57

SHA1
e4396e8e0881c9a26d188816d844ee6d84c9d46e

SHA256
2967799bc7102b798b8bcb3a3570d93be63bf55dacf25fd5dcd0f6d3138f50eb

SHA512
2bb770edc7dee548485ce19d15e664bc0064de9dbff00c7bfa39efd128323a4e8acec88ed2f536e03be12b694030147cb76078ebbfdf06a409f807cfb27b0a0a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads