aee9ba919d82ff04453d50bcd326d540661a22c9a712461d552f0990d9ed0ef8

Analysis

max time kernel
149s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13f32b4d8919aa621d0b8ffab19bd4e0_NeikiAnalytics.exe
Size

184KB
MD5

13f32b4d8919aa621d0b8ffab19bd4e0
SHA1

2a2f4f56b4d4ecf15b14421a8373124b6285d7b6
SHA256

aee9ba919d82ff04453d50bcd326d540661a22c9a712461d552f0990d9ed0ef8
SHA512

75f3a879463522be13f620c898ef3a7b1cad472ea14e5640316c33fb76a6d12ade42efde57142fdc0ff1f5e2489e7766525201b13d32fd22af019eb27943ba8c
SSDEEP

3072:FNPIAkodf0radolZWiwncsNzQlvnqnxiuF:FN4o+WolWc8zQlPqnxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1032	Unicorn-11255.exe
2656	Unicorn-58020.exe
3076	Unicorn-20557.exe
2080	Unicorn-28981.exe
3044	Unicorn-53739.exe
3112	Unicorn-20455.exe
3716	Unicorn-65170.exe
1224	Unicorn-19620.exe
3448	Unicorn-33002.exe
3644	Unicorn-2790.exe
1044	Unicorn-22395.exe
3284	Unicorn-33813.exe
3548	Unicorn-6001.exe
3780	Unicorn-12707.exe
4660	Unicorn-60382.exe
612	Unicorn-17127.exe
708	Unicorn-48107.exe
2652	Unicorn-15861.exe
3336	Unicorn-29051.exe
1528	Unicorn-14132.exe
3596	Unicorn-1780.exe
3504	Unicorn-29540.exe
4012	Unicorn-10250.exe
3740	Unicorn-11074.exe
1848	Unicorn-61828.exe
3172	Unicorn-8491.exe
4476	Unicorn-48206.exe
816	Unicorn-19841.exe
3988	Unicorn-8035.exe
3116	Unicorn-54283.exe
1384	Unicorn-60661.exe
2276	Unicorn-48117.exe
640	Unicorn-55015.exe
4288	Unicorn-20266.exe
2544	Unicorn-44932.exe
4104	Unicorn-38610.exe
2104	Unicorn-42628.exe
2972	Unicorn-22570.exe
3484	Unicorn-23530.exe
2804	Unicorn-1699.exe
3152	Unicorn-14890.exe
3128	Unicorn-35716.exe
1296	Unicorn-29393.exe
2892	Unicorn-53479.exe
3924	Unicorn-27148.exe
448	Unicorn-8938.exe
4732	Unicorn-44263.exe
3008	Unicorn-23441.exe
2784	Unicorn-58357.exe
1080	Unicorn-60610.exe
4276	Unicorn-25877.exe
1400	Unicorn-49644.exe
5068	Unicorn-61092.exe
2600	Unicorn-29380.exe
2692	Unicorn-34090.exe
2880	Unicorn-20644.exe
1420	Unicorn-34026.exe
3064	Unicorn-25444.exe
1512	Unicorn-6154.exe
1172	Unicorn-49284.exe
1304	Unicorn-12340.exe
4908	Unicorn-56507.exe
1120	Unicorn-7938.exe
2760	Unicorn-29226.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
448	3448	WerFault.exe	93
2536	3448	WerFault.exe	93
4988	3548	WerFault.exe	99
3464	4972	WerFault.exe	157
404	1420	WerFault.exe	148
3764	1080	WerFault.exe	138
10196	8456	WerFault.exe	429
17256	16324	WerFault.exe	1023

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16432	Process not Found
Token: SeChangeNotifyPrivilege	16432	Process not Found
Token: 33	16432	Process not Found
Token: SeIncBasePriorityPrivilege	16432	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4204	13f32b4d8919aa621d0b8ffab19bd4e0_NeikiAnalytics.exe
1032	Unicorn-11255.exe
2656	Unicorn-58020.exe
3076	Unicorn-20557.exe
2080	Unicorn-28981.exe
3112	Unicorn-20455.exe
3044	Unicorn-53739.exe
3716	Unicorn-65170.exe
1224	Unicorn-19620.exe
3448	Unicorn-33002.exe
3644	Unicorn-2790.exe
1044	Unicorn-22395.exe
3284	Unicorn-33813.exe
3780	Unicorn-12707.exe
4660	Unicorn-60382.exe
3548	Unicorn-6001.exe
612	Unicorn-17127.exe
708	Unicorn-48107.exe
2652	Unicorn-15861.exe
3336	Unicorn-29051.exe
1528	Unicorn-14132.exe
3504	Unicorn-29540.exe
4012	Unicorn-10250.exe
3596	Unicorn-1780.exe
3740	Unicorn-11074.exe
3172	Unicorn-8491.exe
4476	Unicorn-48206.exe
1848	Unicorn-61828.exe
816	Unicorn-19841.exe
3988	Unicorn-8035.exe
1384	Unicorn-60661.exe
2276	Unicorn-48117.exe
640	Unicorn-55015.exe
4288	Unicorn-20266.exe
2544	Unicorn-44932.exe
4104	Unicorn-38610.exe
2104	Unicorn-42628.exe
2972	Unicorn-22570.exe
2804	Unicorn-1699.exe
3484	Unicorn-23530.exe
3128	Unicorn-35716.exe
3152	Unicorn-14890.exe
2892	Unicorn-53479.exe
3924	Unicorn-27148.exe
4732	Unicorn-44263.exe
3008	Unicorn-23441.exe
1296	Unicorn-29393.exe
2600	Unicorn-29380.exe
2784	Unicorn-58357.exe
1080	Unicorn-60610.exe
2880	Unicorn-20644.exe
1172	Unicorn-49284.exe
1512	Unicorn-6154.exe
4276	Unicorn-25877.exe
4908	Unicorn-56507.exe
1400	Unicorn-49644.exe
5068	Unicorn-61092.exe
448	Unicorn-8938.exe
1420	Unicorn-34026.exe
3064	Unicorn-25444.exe
2692	Unicorn-34090.exe
1304	Unicorn-12340.exe
1684	Unicorn-42372.exe
2760	Unicorn-29226.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4204 wrote to memory of 1032	4204	13f32b4d8919aa621d0b8ffab19bd4e0_NeikiAnalytics.exe	85
PID 4204 wrote to memory of 1032	4204	13f32b4d8919aa621d0b8ffab19bd4e0_NeikiAnalytics.exe	85
PID 4204 wrote to memory of 1032	4204	13f32b4d8919aa621d0b8ffab19bd4e0_NeikiAnalytics.exe	85
PID 1032 wrote to memory of 2656	1032	Unicorn-11255.exe	86
PID 1032 wrote to memory of 2656	1032	Unicorn-11255.exe	86
PID 1032 wrote to memory of 2656	1032	Unicorn-11255.exe	86
PID 4204 wrote to memory of 3076	4204	13f32b4d8919aa621d0b8ffab19bd4e0_NeikiAnalytics.exe	87
PID 4204 wrote to memory of 3076	4204	13f32b4d8919aa621d0b8ffab19bd4e0_NeikiAnalytics.exe	87
PID 4204 wrote to memory of 3076	4204	13f32b4d8919aa621d0b8ffab19bd4e0_NeikiAnalytics.exe	87
PID 2656 wrote to memory of 2080	2656	Unicorn-58020.exe	88
PID 2656 wrote to memory of 2080	2656	Unicorn-58020.exe	88
PID 2656 wrote to memory of 2080	2656	Unicorn-58020.exe	88
PID 1032 wrote to memory of 3044	1032	Unicorn-11255.exe	89
PID 1032 wrote to memory of 3044	1032	Unicorn-11255.exe	89
PID 1032 wrote to memory of 3044	1032	Unicorn-11255.exe	89
PID 3076 wrote to memory of 3112	3076	Unicorn-20557.exe	90
PID 3076 wrote to memory of 3112	3076	Unicorn-20557.exe	90
PID 3076 wrote to memory of 3112	3076	Unicorn-20557.exe	90
PID 4204 wrote to memory of 3716	4204	13f32b4d8919aa621d0b8ffab19bd4e0_NeikiAnalytics.exe	91
PID 4204 wrote to memory of 3716	4204	13f32b4d8919aa621d0b8ffab19bd4e0_NeikiAnalytics.exe	91
PID 4204 wrote to memory of 3716	4204	13f32b4d8919aa621d0b8ffab19bd4e0_NeikiAnalytics.exe	91
PID 2080 wrote to memory of 1224	2080	Unicorn-28981.exe	92
PID 2080 wrote to memory of 1224	2080	Unicorn-28981.exe	92
PID 2080 wrote to memory of 1224	2080	Unicorn-28981.exe	92
PID 2656 wrote to memory of 3448	2656	Unicorn-58020.exe	93
PID 2656 wrote to memory of 3448	2656	Unicorn-58020.exe	93
PID 2656 wrote to memory of 3448	2656	Unicorn-58020.exe	93
PID 3112 wrote to memory of 3644	3112	Unicorn-20455.exe	94
PID 3112 wrote to memory of 3644	3112	Unicorn-20455.exe	94
PID 3112 wrote to memory of 3644	3112	Unicorn-20455.exe	94
PID 3076 wrote to memory of 1044	3076	Unicorn-20557.exe	95
PID 3076 wrote to memory of 1044	3076	Unicorn-20557.exe	95
PID 3076 wrote to memory of 1044	3076	Unicorn-20557.exe	95
PID 3044 wrote to memory of 3284	3044	Unicorn-53739.exe	98
PID 3044 wrote to memory of 3284	3044	Unicorn-53739.exe	98
PID 3044 wrote to memory of 3284	3044	Unicorn-53739.exe	98
PID 1032 wrote to memory of 3548	1032	Unicorn-11255.exe	99
PID 1032 wrote to memory of 3548	1032	Unicorn-11255.exe	99
PID 1032 wrote to memory of 3548	1032	Unicorn-11255.exe	99
PID 3716 wrote to memory of 3780	3716	Unicorn-65170.exe	101
PID 3716 wrote to memory of 3780	3716	Unicorn-65170.exe	101
PID 3716 wrote to memory of 3780	3716	Unicorn-65170.exe	101
PID 4204 wrote to memory of 4660	4204	13f32b4d8919aa621d0b8ffab19bd4e0_NeikiAnalytics.exe	102
PID 4204 wrote to memory of 4660	4204	13f32b4d8919aa621d0b8ffab19bd4e0_NeikiAnalytics.exe	102
PID 4204 wrote to memory of 4660	4204	13f32b4d8919aa621d0b8ffab19bd4e0_NeikiAnalytics.exe	102
PID 1224 wrote to memory of 612	1224	Unicorn-19620.exe	105
PID 1224 wrote to memory of 612	1224	Unicorn-19620.exe	105
PID 1224 wrote to memory of 612	1224	Unicorn-19620.exe	105
PID 2080 wrote to memory of 708	2080	Unicorn-28981.exe	106
PID 2080 wrote to memory of 708	2080	Unicorn-28981.exe	106
PID 2080 wrote to memory of 708	2080	Unicorn-28981.exe	106
PID 3644 wrote to memory of 2652	3644	Unicorn-2790.exe	107
PID 3644 wrote to memory of 2652	3644	Unicorn-2790.exe	107
PID 3644 wrote to memory of 2652	3644	Unicorn-2790.exe	107
PID 3112 wrote to memory of 3336	3112	Unicorn-20455.exe	108
PID 3112 wrote to memory of 3336	3112	Unicorn-20455.exe	108
PID 3112 wrote to memory of 3336	3112	Unicorn-20455.exe	108
PID 1044 wrote to memory of 1528	1044	Unicorn-22395.exe	109
PID 1044 wrote to memory of 1528	1044	Unicorn-22395.exe	109
PID 1044 wrote to memory of 1528	1044	Unicorn-22395.exe	109
PID 3076 wrote to memory of 3596	3076	Unicorn-20557.exe	110
PID 3076 wrote to memory of 3596	3076	Unicorn-20557.exe	110
PID 3076 wrote to memory of 3596	3076	Unicorn-20557.exe	110
PID 3284 wrote to memory of 3504	3284	Unicorn-33813.exe	111

C:\Users\Admin\AppData\Local\Temp\13f32b4d8919aa621d0b8ffab19bd4e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\13f32b4d8919aa621d0b8ffab19bd4e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19620.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17127.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20644.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
        9⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
        10⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17428.exe
        10⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        9⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
        10⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
        10⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16945.exe
        10⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
        10⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24436.exe
        9⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        9⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
        9⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14849.exe
        9⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38090.exe
        8⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38503.exe
        9⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        9⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62517.exe
        9⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
        9⤵
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
        9⤵
        
        PID:17204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47090.exe
        8⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
        9⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        8⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
        8⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
        8⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 720
        8⤵
        Program crash
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11235.exe
        9⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
        9⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47186.exe
        9⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
        8⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        8⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31343.exe
        8⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
        8⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58597.exe
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        8⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exe
        9⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60153.exe
        9⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
        9⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56347.exe
        9⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55641.exe
        8⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52964.exe
        9⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        9⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3455.exe
        9⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
        9⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17522.exe
        9⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54923.exe
        9⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58944.exe
        8⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5917.exe
        8⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe
        8⤵
        
        PID:14940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
        8⤵
        
        PID:17176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
        7⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46739.exe
        7⤵
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54283.exe
        6⤵
        Executes dropped EXE
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43285.exe
        7⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        8⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        9⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
        8⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        8⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51230.exe
        8⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
        8⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61086.exe
        7⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42552.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        7⤵
        
        PID:15892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        6⤵
        Executes dropped EXE
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
        7⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32935.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
        8⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55701.exe
        9⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        9⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
        8⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        8⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        8⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        9⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50969.exe
        9⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        8⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7252.exe
        8⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        8⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57586.exe
        7⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
        8⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
        8⤵
        
        PID:13488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27359.exe
        8⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40873.exe
        7⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63856.exe
        7⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
        7⤵
        
        PID:16676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31532.exe
        6⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56999.exe
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
        7⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
        7⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
        7⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28943.exe
        6⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7917.exe
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
        6⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2905.exe
        6⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48107.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60661.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25444.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
        8⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        9⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26974.exe
        9⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
        9⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
        9⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
        8⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41845.exe
        9⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20763.exe
        9⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        8⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
        8⤵
        
        PID:16872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
        8⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        8⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        8⤵
        
        PID:15116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38602.exe
        8⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        7⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54693.exe
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50862.exe
        7⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14675.exe
        7⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6154.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1635.exe
        7⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe
        8⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10701.exe
        8⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62788.exe
        9⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
        8⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        8⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        8⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        7⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        8⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7594.exe
        8⤵
        
        PID:16184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        7⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21796.exe
        8⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        7⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        7⤵
        
        PID:16224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
        6⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1219.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        7⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        7⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
        7⤵
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
        7⤵
        
        PID:16552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3261.exe
        6⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4516.exe
        6⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        7⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        7⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        6⤵
        
        PID:11648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45829.exe
        6⤵
        
        PID:14188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34023.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        7⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        7⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        7⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        7⤵
        
        PID:15448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53628.exe
        6⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
        7⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4202.exe
        7⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7540.exe
        6⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        6⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12091.exe
        6⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56507.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
        6⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17959.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
        7⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
        6⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        6⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
        6⤵
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35131.exe
        6⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
        5⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        6⤵
        
        PID:14148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        6⤵
        
        PID:16500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54318.exe
        5⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23111.exe
        6⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
        6⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5986.exe
        6⤵
        
        PID:17212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
        5⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7271.exe
        5⤵
        
        PID:13936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
        5⤵
        
        PID:15916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 464
        5⤵
        Program crash
        
        PID:448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 420
        5⤵
        Program crash
        
        PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11074.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
        6⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        7⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        8⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        8⤵
        
        PID:13988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        7⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
        8⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
        8⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        7⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        7⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        7⤵
        
        PID:15500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17642.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46137.exe
        7⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12762.exe
        6⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22852.exe
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        6⤵
        
        PID:13332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
        6⤵
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49419.exe
        5⤵
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
        7⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9320.exe
        7⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        7⤵
        
        PID:16260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        6⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42226.exe
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63337.exe
        6⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
        6⤵
        
        PID:15484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
        6⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8038.exe
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49248.exe
        7⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46412.exe
        7⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
        7⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37016.exe
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
        6⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4360.exe
        5⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        6⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        5⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        5⤵
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
        5⤵
        
        PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
        5⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17959.exe
        6⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
        6⤵
        
        PID:14064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10392.exe
        5⤵
        
        PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        5⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        5⤵
        
        PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26529.exe
      4⤵
      PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62453.exe
        5⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
        5⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        6⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53379.exe
        6⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50261.exe
        5⤵
        
        PID:10560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37705.exe
        5⤵
        
        PID:14056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8050.exe
        5⤵
        
        PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
      4⤵
      PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
      4⤵
      PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59943.exe
      4⤵
      PID:9636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44272.exe
      4⤵
      PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56124.exe
      4⤵
      PID:3132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1699.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        7⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19445.exe
        8⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        8⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        8⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
        8⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
        8⤵
        
        PID:17220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
        7⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4164.exe
        7⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
        8⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20322.exe
        8⤵
        
        PID:15780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        8⤵
        
        PID:17392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26029.exe
        7⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        7⤵
        
        PID:16208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        6⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41127.exe
        7⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
        7⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        7⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        7⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19892.exe
        6⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        7⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2941.exe
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        6⤵
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
        6⤵
        
        PID:16240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14890.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33301.exe
        6⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2424.exe
        7⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        7⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44322.exe
        7⤵
        
        PID:15188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6157.exe
        6⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25330.exe
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        7⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
        7⤵
        
        PID:14964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        6⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17437.exe
        6⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45299.exe
        6⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
        5⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41525.exe
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
        7⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        8⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe
        7⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30548.exe
        7⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
        7⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
        6⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
        6⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58597.exe
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35250.exe
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        6⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        5⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe
        5⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32394.exe
        5⤵
        
        PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43317.exe
        7⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        8⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
        9⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18541.exe
        9⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60355.exe
        9⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        8⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52.exe
        8⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        8⤵
        
        PID:14596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
        7⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63145.exe
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20463.exe
        7⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8013.exe
        6⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24644.exe
        7⤵
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        6⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
        7⤵
        
        PID:13876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        7⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        6⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
        6⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        6⤵
        
        PID:17024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47452.exe
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
        6⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        7⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31629.exe
        7⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
        7⤵
        
        PID:16348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18008.exe
        6⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        7⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
        7⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
        7⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        6⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        6⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        6⤵
        
        PID:15476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58915.exe
        5⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
        6⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
        6⤵
        
        PID:15492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        5⤵
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        5⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        5⤵
        
        PID:13732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1552.exe
        5⤵
        
        PID:16732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7587.exe
        5⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33895.exe
        6⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11409.exe
        7⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45017.exe
        7⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
        7⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34712.exe
        6⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        6⤵
        
        PID:12828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
        6⤵
        
        PID:15136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59972.exe
        6⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe
        7⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
        7⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        6⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        5⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        5⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        5⤵
        
        PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40379.exe
      4⤵
      PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33394.exe
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        6⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        5⤵
        
        PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19839.exe
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63433.exe
        5⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        5⤵
        
        PID:16300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
      4⤵
      PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
      4⤵
      PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17569.exe
      4⤵
      PID:11652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16746.exe
      4⤵
      PID:14556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
      4⤵
      PID:3888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3548
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 716
      4⤵
      Program crash
      PID:4988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60405.exe
        5⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        7⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
        7⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
        7⤵
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44453.exe
        7⤵
        
        PID:16808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        6⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18207.exe
        6⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
        7⤵
        
        PID:16420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46409.exe
        6⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        6⤵
        
        PID:15468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63019.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        6⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13517.exe
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17428.exe
        6⤵
        
        PID:14272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35131.exe
        6⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23871.exe
        5⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        5⤵
        
        PID:10768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
        5⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
        5⤵
        
        PID:16128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19242.exe
      4⤵
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22916.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        6⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
        5⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        5⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29935.exe
        5⤵
        
        PID:15456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11217.exe
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        5⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        5⤵
        
        PID:14796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18045.exe
      4⤵
      PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13508.exe
      4⤵
      PID:10340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26029.exe
      4⤵
      PID:12452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19251.exe
      4⤵
      PID:15976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60610.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1080
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 720
      4⤵
      Program crash
      PID:3764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61707.exe
    3⤵
    PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
      4⤵
      PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
      4⤵
      PID:8904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
      4⤵
      PID:12792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
      4⤵
      PID:15072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65271.exe
    3⤵
    PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
      4⤵
      PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18418.exe
        5⤵
        
        PID:9076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
        5⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        5⤵
        
        PID:16280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
      4⤵
      PID:8828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13428.exe
      4⤵
      PID:10772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
      4⤵
      PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
      4⤵
      PID:14268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
      4⤵
      PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
      4⤵
      PID:16988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57212.exe
    3⤵
    PID:6964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
    3⤵
    PID:9428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45141.exe
      4⤵
      PID:15088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60441.exe
    3⤵
    PID:11664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
    3⤵
    PID:14564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11784.exe
    3⤵
    PID:9892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20557.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20557.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20455.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15861.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
        8⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4785.exe
        9⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46219.exe
        9⤵
        
        PID:15572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
        8⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27935.exe
        8⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
        9⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37802.exe
        9⤵
        
        PID:14384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
        9⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
        8⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
        8⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
        8⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        8⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
        8⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        7⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39079.exe
        8⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41735.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
        9⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
        9⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11469.exe
        8⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        8⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
        8⤵
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
        7⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22024.exe
        7⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        7⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
        7⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32757.exe
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
        8⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
        9⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        9⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32386.exe
        9⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16970.exe
        8⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        9⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        9⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
        9⤵
        
        PID:16564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        8⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56011.exe
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18052.exe
        8⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50457.exe
        8⤵
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42546.exe
        8⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
        9⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15522.exe
        9⤵
        
        PID:15368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19469.exe
        8⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3455.exe
        8⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe
        9⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
        9⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33361.exe
        9⤵
        
        PID:16192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
        8⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41538.exe
        8⤵
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        7⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
        8⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26765.exe
        8⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        8⤵
        
        PID:16664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32207.exe
        7⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        7⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        6⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14833.exe
        7⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25613.exe
        7⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        8⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34121.exe
        7⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
        7⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18771.exe
        7⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        6⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
        7⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23948.exe
        7⤵
        
        PID:16780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
        6⤵
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        6⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64743.exe
        6⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 488
        7⤵
        Program crash
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20123.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
        7⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15366.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34843.exe
        8⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39469.exe
        7⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        7⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
        7⤵
        
        PID:16336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21759.exe
        6⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        6⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33528.exe
        6⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28532.exe
        6⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
        5⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
        6⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6324.exe
        6⤵
        
        PID:10868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34121.exe
        6⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22561.exe
        6⤵
        
        PID:16132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12582.exe
        6⤵
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        6⤵
        
        PID:13980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
        5⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35079.exe
        6⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38317.exe
        6⤵
        
        PID:14168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        5⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49829.exe
        5⤵
        
        PID:17244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29051.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44932.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47556.exe
        6⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        8⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13517.exe
        8⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7871.exe
        8⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
        8⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3789.exe
        7⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        7⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5992.exe
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10890.exe
        7⤵
        
        PID:16880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        6⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32455.exe
        7⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        7⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14996.exe
        6⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30281.exe
        6⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45779.exe
        6⤵
        
        PID:15592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
        5⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        6⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39314.exe
        7⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15530.exe
        7⤵
        
        PID:17032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
        6⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22639.exe
        6⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        6⤵
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
        6⤵
        
        PID:15556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
        5⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32391.exe
        6⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        7⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        7⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46485.exe
        8⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16746.exe
        8⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40524.exe
        7⤵
        
        PID:15876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58265.exe
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        6⤵
        
        PID:15212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
        5⤵
        
        PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15407.exe
        5⤵
        
        PID:9260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        5⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24435.exe
        5⤵
        
        PID:15408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51588.exe
        5⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36149.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1553.exe
        7⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13517.exe
        7⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41269.exe
        7⤵
        
        PID:13476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35131.exe
        7⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
        6⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        6⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
        6⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36778.exe
        6⤵
        
        PID:15960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17243.exe
        5⤵
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
        5⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32399.exe
        5⤵
        
        PID:896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28763.exe
        5⤵
        
        PID:13384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        5⤵
        
        PID:16428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
      4⤵
      PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7555.exe
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        6⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52889.exe
        6⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        6⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        6⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29421.exe
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
        6⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
        5⤵
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        5⤵
        
        PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        5⤵
        
        PID:15704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
      4⤵
      PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
      4⤵
      PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46219.exe
        5⤵
        
        PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
      4⤵
      PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
      4⤵
      PID:8184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22395.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42628.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51588.exe
        6⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        7⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39154.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        7⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14145.exe
        7⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        7⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6157.exe
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51623.exe
        7⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26471.exe
        8⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
        8⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18772.exe
        8⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18970.exe
        8⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29025.exe
        8⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4024.exe
        7⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
        7⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        7⤵
        
        PID:16332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61753.exe
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28930.exe
        6⤵
        
        PID:16116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56331.exe
        5⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16103.exe
        6⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4433.exe
        7⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55467.exe
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34690.exe
        7⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41333.exe
        8⤵
        
        PID:17092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
        6⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        7⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
        7⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
        6⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29243.exe
        6⤵
        
        PID:15600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63125.exe
        6⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
        5⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16271.exe
        5⤵
        
        PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
        5⤵
        
        PID:14396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        5⤵
        
        PID:16180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8500.exe
        5⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53668.exe
        6⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
        7⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39469.exe
        7⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        7⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
        7⤵
        
        PID:15864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59061.exe
        6⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65317.exe
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        6⤵
        
        PID:13356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
        6⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20123.exe
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5265.exe
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        6⤵
        
        PID:13996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11956.exe
        5⤵
        
        PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        5⤵
        
        PID:9236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        5⤵
        
        PID:13712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
        5⤵
        
        PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
      4⤵
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        6⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        6⤵
        
        PID:16688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        5⤵
        
        PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        5⤵
        
        PID:9616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
        5⤵
        
        PID:7904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45927.exe
        5⤵
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        5⤵
        
        PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59872.exe
        5⤵
        
        PID:14992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
      4⤵
      PID:8140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7917.exe
      4⤵
      PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
      4⤵
      PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
      4⤵
      PID:15516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1780.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25877.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        5⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        6⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63982.exe
        6⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        6⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
        6⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20327.exe
        6⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14520.exe
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
        6⤵
        
        PID:16156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44469.exe
        5⤵
        
        PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22173.exe
        5⤵
        
        PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3172.exe
        5⤵
        
        PID:13624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24059.exe
        5⤵
        
        PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31754.exe
      4⤵
      PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17540.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20679.exe
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
        6⤵
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63982.exe
        5⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53205.exe
        5⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
        5⤵
        
        PID:13928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
        5⤵
        
        PID:10248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
      4⤵
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
        6⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39469.exe
        6⤵
        
        PID:10520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe
        6⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
        6⤵
        
        PID:16768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
        5⤵
        
        PID:7356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        5⤵
        
        PID:10916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1828.exe
        5⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
        5⤵
        
        PID:16144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
      4⤵
      PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
      4⤵
      PID:9388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
      4⤵
      PID:14008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
      4⤵
      PID:17012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15637.exe
      4⤵
      PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
        5⤵
        
        PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
        5⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62517.exe
        5⤵
        
        PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
        5⤵
        
        PID:14744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe
      4⤵
      PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-228.exe
      4⤵
      PID:10024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
      4⤵
      PID:13200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38277.exe
      4⤵
      PID:14524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53017.exe
      4⤵
      PID:16152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
    3⤵
    PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
      4⤵
      PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
      4⤵
      PID:9268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
      4⤵
      PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22811.exe
      4⤵
      PID:14692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
      4⤵
      PID:15628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63790.exe
    3⤵
    PID:6496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13889.exe
    3⤵
    PID:9408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61576.exe
    3⤵
    PID:2876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
    3⤵
    PID:14536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51690.exe
    3⤵
    PID:15524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65170.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65170.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
        5⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
        7⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        6⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 724
        7⤵
        Program crash
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60309.exe
        6⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        6⤵
        
        PID:16800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        5⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16159.exe
        5⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        6⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
        6⤵
        
        PID:14236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
        6⤵
        
        PID:16436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40873.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
        5⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        5⤵
        
        PID:15416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56579.exe
      4⤵
      PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4038.exe
        5⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        5⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        5⤵
        
        PID:15220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25758.exe
      4⤵
      PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
      4⤵
      PID:9464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5080.exe
      4⤵
      PID:13520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-113.exe
        5⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
        5⤵
        
        PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        5⤵
        
        PID:16980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43092.exe
      4⤵
      PID:13904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40874.exe
      4⤵
      PID:9924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44263.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26389.exe
        5⤵
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65188.exe
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34363.exe
        7⤵
        
        PID:14248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15121.exe
        7⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21848.exe
        6⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18207.exe
        6⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64755.exe
        6⤵
        
        PID:13724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
        6⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        5⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47559.exe
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5766.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        7⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29249.exe
        7⤵
        
        PID:14676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26974.exe
        6⤵
        
        PID:10580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
        6⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
        6⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        5⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
        6⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
        7⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59054.exe
        7⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24173.exe
        6⤵
        
        PID:12260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        6⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        5⤵
        
        PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        5⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26826.exe
        5⤵
        
        PID:15240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
      4⤵
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39079.exe
        5⤵
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        6⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
        7⤵
        
        PID:17104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53273.exe
        6⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
        6⤵
        
        PID:16140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        5⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        5⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
        5⤵
        
        PID:15172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43328.exe
      4⤵
      PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        5⤵
        
        PID:8912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
        5⤵
        
        PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30523.exe
        5⤵
        
        PID:16748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13181.exe
      4⤵
      PID:8896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
        5⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        5⤵
        
        PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54672.exe
      4⤵
      PID:5600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33450.exe
      4⤵
      PID:9036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23441.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36228.exe
      4⤵
      PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3491.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        6⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
        5⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
        5⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42565.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40618.exe
        5⤵
        
        PID:15560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40914.exe
        6⤵
        
        PID:9132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        5⤵
        
        PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31204.exe
        5⤵
        
        PID:10820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14520.exe
        5⤵
        
        PID:13436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20561.exe
        5⤵
        
        PID:15940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11956.exe
      4⤵
      PID:7636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
      4⤵
      PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
      4⤵
      PID:15436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
    3⤵
    PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
      4⤵
      PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22119.exe
        5⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65138.exe
        6⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29403.exe
        6⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
        5⤵
        
        PID:10204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        5⤵
        
        PID:13756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
        5⤵
        
        PID:16740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20042.exe
      4⤵
      PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14915.exe
        5⤵
        
        PID:9812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
      4⤵
      PID:10604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36745.exe
      4⤵
      PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
      4⤵
      PID:16996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60133.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60133.exe
    3⤵
    PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5382.exe
      4⤵
      PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
      4⤵
      PID:15664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
    3⤵
    PID:8492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe
      4⤵
      PID:9596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55257.exe
      4⤵
      PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
      4⤵
      PID:15848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15937.exe
    3⤵
    PID:10052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
    3⤵
    PID:1100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55170.exe
    3⤵
    PID:10244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60382.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60382.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61828.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61092.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        5⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20615.exe
        6⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39469.exe
        6⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        7⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
        7⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15519.exe
        7⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
        7⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5921.exe
        7⤵
        
        PID:17348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14687.exe
        6⤵
        
        PID:11044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10493.exe
        6⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
        6⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49621.exe
        6⤵
        
        PID:14504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        5⤵
        
        PID:9400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25705.exe
        5⤵
        
        PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        5⤵
        
        PID:14424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
        5⤵
        
        PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
      4⤵
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
        5⤵
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        5⤵
        
        PID:14512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
        5⤵
        
        PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
      4⤵
      PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
      4⤵
      PID:10620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
      4⤵
      PID:14332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
      4⤵
      PID:16864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57956.exe
      4⤵
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64740.exe
        6⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        7⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        7⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39469.exe
        6⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
        6⤵
        
        PID:8980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59355.exe
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51257.exe
        5⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
        5⤵
        
        PID:14584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15796.exe
      4⤵
      PID:7916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22173.exe
      4⤵
      PID:10364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
      4⤵
      PID:13640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16499.exe
      4⤵
      PID:1408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
    3⤵
    PID:2608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe
    3⤵
    PID:7204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50162.exe
      4⤵
      PID:9228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
      4⤵
      PID:12192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
      4⤵
      PID:14660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
    3⤵
    PID:9784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
    3⤵
    PID:7888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3492.exe
    3⤵
    PID:14640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
    3⤵
    PID:15776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29380.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
      4⤵
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
        6⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61767.exe
        7⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65084.exe
        7⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40544.exe
        6⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
        6⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        5⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        5⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        5⤵
        
        PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13682.exe
        5⤵
        
        PID:15800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1883.exe
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9862.exe
        5⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39469.exe
        5⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        5⤵
        
        PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
        5⤵
        
        PID:16756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
      4⤵
      PID:8448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
      4⤵
      PID:11672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
      4⤵
      PID:15036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52683.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52683.exe
    3⤵
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53522.exe
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
        5⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52732.exe
        5⤵
        
        PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1634.exe
        5⤵
        
        PID:9852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13517.exe
      4⤵
      PID:10724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41269.exe
      4⤵
      PID:13468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35131.exe
      4⤵
      PID:9796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58912.exe
    3⤵
    PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
      4⤵
      PID:6908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
      4⤵
      PID:15880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21256.exe
    3⤵
    PID:9276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32498.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32498.exe
    3⤵
    PID:13244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
    3⤵
    PID:14404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
    3⤵
    PID:3120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34090.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34090.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42741.exe
    3⤵
    PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26194.exe
        5⤵
        
        PID:11140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46617.exe
        5⤵
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        5⤵
        
        PID:16316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
      4⤵
      PID:8888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
      4⤵
      PID:12860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
      4⤵
      PID:14472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
      4⤵
      PID:15720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53806.exe
    3⤵
    PID:5776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
    3⤵
    PID:9044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4164.exe
    3⤵
    PID:12060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
    3⤵
    PID:14952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
    3⤵
    PID:17232
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
  2⤵
  PID:4164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
    3⤵
    PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
      4⤵
      PID:10252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42142.exe
    3⤵
    PID:10040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62789.exe
    3⤵
    PID:12256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38232.exe
    3⤵
    PID:14432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
    3⤵
    PID:16324
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 16324 -s 72
      4⤵
      Program crash
      PID:17256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
  2⤵
  PID:4972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
  2⤵
  PID:7728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22389.exe
    3⤵
    PID:15000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
  2⤵
  PID:9584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65060.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65060.exe
  2⤵
  PID:12124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30045.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30045.exe
  2⤵
  PID:13480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1634.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1634.exe
  2⤵
  PID:6856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15114.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15114.exe
  2⤵
  PID:15856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49042.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49042.exe
  2⤵
  PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3448 -ip 3448
1⤵
PID:1140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3448 -ip 3448
1⤵
PID:3344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3548 -ip 3548
1⤵
PID:2896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4972 -ip 4972
1⤵
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1420 -ip 1420
1⤵
PID:1768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1080 -ip 1080
1⤵
PID:3464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 8456 -ip 8456
1⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 15700 -ip 15700
1⤵
PID:9444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe

Filesize
184KB

MD5
11851ca8b0a9cc0accdcac3ca21d1105

SHA1
1240af52bf9722e28e4426e367eee9de0acc6ea4

SHA256
eb515a6ed43353f4ed7cab8d90b5351b710908d705df39d7d92f336930f729cd

SHA512
32d29e659b9c839727931ab90fa2add77d8e3180355ccebdb385d958e846879cd0f10055d7da25d63029b1c98f7862ab64f8c364c07df3a2a491aa5e4d20d0a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11074.exe

Filesize
184KB

MD5
61ffc464060f1570e3bea85b8ae46ae5

SHA1
b410e554f7bb89762c15485f29d3305964eade9b

SHA256
1e6b503388799d339af2141e645ce4844c18032ed0f66921397cce3bf414e62e

SHA512
38314719c9a20628e2adcd21b022319de3971216c47dc86c201b476a9782b8fa44bf279fad5a7700bbecabf181ed08bb25ce9091abb5c0c4fc72c2e6bdcab93e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe

Filesize
184KB

MD5
e84d769bb4082f647fb1704cbfc675b7

SHA1
7cce6d22d5e32a5ab8f5a720ec3fae196f341511

SHA256
966240d5b2df81ab4c5b091889765645a7c6c3fbaa91527e0b6b9403065a0aae

SHA512
adf8b6a1d21f2ddc878986eabe4ce8344d13ca935f0f05523bbf4eb3cdca07e61184f84509bdf34c98145602d0406abfff60a0d4a8bf15a19f72671a38879ca9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe

Filesize
184KB

MD5
c1899f7178fd825ed56c19811842e94f

SHA1
4a1d6f3df8c91e991c9eb01b51042c4644003240

SHA256
b895d63a7a21ab2120f8362aa05555cf1c437aca5b7a84be872821d0b850356b

SHA512
ee67a408a3af662f8d9eb3015a68b0b4ec6a41c9117a5ea963a4f3db7e37911833bd1751d16dee18360f90c61d5cbdc53a87bd741b8d1ce14af66a8a2c14a5ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe

Filesize
184KB

MD5
5004b11c76e9212eba700d0ee3eb0fbe

SHA1
e3c4987d0ac86a6984088fa5e9151f726b6ffdb9

SHA256
6f5698ea958b98f74e3c12f75414e697d862872719fe019e89eb8f5298793780

SHA512
453d292efc5479a9d05d2f5aff0b5162a0f48c719ce14b06a06ff3d2f4b4fb5ec22868333e5b582926c46aae97381a01e055542acf4e826852d41d905212b823

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe

Filesize
184KB

MD5
dc9e3e04a57c679e89bc489a29e2ee00

SHA1
b99153506b7db4bf2a8453baf85677f14bbf79fd

SHA256
7b7b49bd70a196fb2b8e7109ea65df3b912358f7aa5b1e188f69197bc8c513dc

SHA512
889d1006bec25e6cd483f141d67d7cbb41998e4500f51becdf0c46f1d64da4c9a5e488256878187d80b1d1ce40c141bd157b5a5c570638e5e9b1809e1b060a3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15861.exe

Filesize
184KB

MD5
cc2b9afd2c115f3a6b3128601115dd2d

SHA1
e88e2ce4ccb901f84bcca954d2a8ce67614249f0

SHA256
c4d95001552a641f31ce7f05805a3d07897084b111596f208104d787a0c1cda1

SHA512
c81665ad5871b2b232cef0cc58c646740120cfb79b161d9e5cc47d65c080a0aff618874556f58907e83954f5bffd004365f1ed48f2f790bdd4854c0f92eb7a8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17127.exe

Filesize
184KB

MD5
bfac21c81563e20cf244146b345e083f

SHA1
1ccc4a9d0a544d82be3caf47e31c22f19376449c

SHA256
b45d149c2f789dc1056f0a2a55806989e12ab04ee63dbd5bc249eec9d5c0626e

SHA512
938ca95d2d6d3e3617a77d9692cdf1bd3213927c91a399bed8d6c968be51ce892a2abdc89059060b72e0cc146b2afbdd4542fda102e64e13a3ce8faecbeef7a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1780.exe

Filesize
184KB

MD5
f675e257e8b55e00c4b45bd7f544533b

SHA1
947f1041e71fda608fb37ffa4bf4ca712d821e82

SHA256
80b376eb67ec2ccd43949ec7999b13d6fe823621497b9b7565ffc9aad28bb2ad

SHA512
3d1e5832297456da5630ed5a3ac21b4f62321cb2af1125aa6c14cdb08699bb3eb098d45f70ae32769477033e99f1950c8f42d4ebd8bf8404089e3a6a4cd28cf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19469.exe

Filesize
184KB

MD5
7a6b4ec39dc749581ecbfb8ecd8d74e8

SHA1
08c6b1a0ca7d019bf99ccbd0dc9de08b2b06f0ee

SHA256
ff34369d8e5364ddb558057f13e92fa6aa69c790ad28243bd27c79e4431e0337

SHA512
f6b38dbac408cd3fda83a1596d5f1ac65373bd6bf67f725921edc22f15f296a260b4575767f5a0ee7eb5a18a26f2af723681737822be4ada9cbb30456ae7596d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19620.exe

Filesize
184KB

MD5
5a4f6e50a5c643f69512d2733e7c5768

SHA1
eb29eba9ebc0e43607a815e5196e182ddb85df84

SHA256
3a9ce59febc76b76ae905de3b676acb848f4dbc6f3d9fcf90e320dcfc214d686

SHA512
0b5fbfe3a9fc38d18337421156ef88d6eaaa2db21788b6a9a0d3a345cabf0f0b14b1b23b0f8b5ab40faf8cf4ec358df6b5ce14272d1c85d9f86c71582680311f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe

Filesize
184KB

MD5
809516273fab36e6e1e2f0ad5befc008

SHA1
c441b00f88ef143bbfb6b35d4582984a6f73b3c8

SHA256
5d4f053bfc45fe3e06cc7ef842d7030cf2f3bf659cea7a6090c85f2500012f9a

SHA512
d459e41a624b37df0c98631ceb10b5052d08e4c380f31cf54c8ec8642fb696bc5c23074d81e6ad6fb1b186e456e6992d0f2ba66f15e37da243520a83f7e21a14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20455.exe

Filesize
184KB

MD5
b049f4cbfa2f768da57339d9eec346b1

SHA1
4364d1b9ffa824ff231e975d192e36ae74317b60

SHA256
6d5966ab5cd6c2a8657da98eda7781bb73ddb2b5317e65cfcb3027ff4841cc2c

SHA512
160fdb65abe6043866ba984dfcc7a4f7728965e84a9509a35cc171a5fe2918785c58ee48b0c80284717a63b6f4b3dd633c3aff630225c40a805eb2dd204a67ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20557.exe

Filesize
184KB

MD5
08745a62bc7c52cc530e279fc193c99f

SHA1
d6885423c0c0f128ffe828d3d90b5d217d3ee520

SHA256
98bcf7172ebcd24374d4d31b5da9df25fe1c1b8df517965bada7301e4bd8b3d7

SHA512
a0ecd6a98bfded079d157029600da90c4cb805332021e6d01bdad9716f21d0a25c4cf5d15e938084d1265411399fa139d257cceaa870df2bfb6857be3b6cdb25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22395.exe

Filesize
184KB

MD5
06dc226ab8831992b130faac015c1426

SHA1
acd4d335ca68614c01d8c129ddbae844e9aa1dc3

SHA256
d04fb5e36904f6f735f46add2f384fb1a2ce48b399b6b488c65b11577637e9bd

SHA512
c8b4661c1cebdb83a47ba6f7a2000c1917825a346e17cff970079874a4033cff7fe402423addfa92597fa9bed0229d33cda9d6eada1874ce8674115a51de2fce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe

Filesize
184KB

MD5
4afb5cab1ce601a4b00ce1bb183548f3

SHA1
abf721494509987dd60708f4ac0ac52607b15617

SHA256
aa64d9aee126ceb4da1f6dcddc27c18a6364215d90c92f29f2b3c41a17c8a095

SHA512
a8c934da7f2e6424a01a4d73c096c1e149193b9b43977c125473534a5b3ee2ac49b87702a74693f6bc3d74ea4e556dc923323b09f83ee374072b1dd15ba1a5ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe

Filesize
184KB

MD5
6525461639fd6c2aa525e1d4279c0a18

SHA1
61c3de9bdf775ecd06369429efc1e38f59822fd2

SHA256
21920e5cb776b51eaeea19bb48b07121a12e044524321bd711659edda8ab3b7b

SHA512
e586797cd8e5b893ea70ce35488ae2126fcb41b8f353bd4bd0a50832127893daef0fcf9a39985d21ca0e5a3c12f35d824a41ad93bb67a46f2195ac9976274bdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29051.exe

Filesize
184KB

MD5
288ac6bdea71edd8b005b3c890d3dfe1

SHA1
322b7fc211a50341bb7821f931aaebbb5da697fe

SHA256
fd4a74aec650f1b064977c9240717afadc5393c7cc43d1eb223f9baa7e90fd27

SHA512
2c5c84037994b9adac49723461fe3caa3a7a48a28db2b9382b4f43bbd1539a23706cbe90e9a921d5caf01252105c7bf050cffe0317da1cf1350fb6af316d2ca6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe

Filesize
184KB

MD5
203b44a6784e41833ba4d8795884148b

SHA1
ee43edceb7c74e940c5e482ad520249da271e12b

SHA256
7c9f45ae721305b1efdea143b24ce5360f2e9a476d3c29c5562e73d1d31bb11e

SHA512
7f477f259e6ba66160bfd2bbcdb96ae123ed7aa1f25814e39edf8b0ce7df54c6219b08a15ff964af897a44294395238e88a76f047fb41293e5c2ad7c27cc26b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe

Filesize
184KB

MD5
1a79c34296d27b0fbc40dcfe19b05947

SHA1
61b8187711ac75f6be87c55145b6361783bb98cc

SHA256
567d16115d3a30dbd70f4589ab2f0f83490d43c2e3935dd5decba09c0b2f083d

SHA512
ffc532fb15bd31a97a1c4cd1fb6162b895201fa3c06740294c95148557a5948f69357709f0d4ff702ee0aaa2963e438bd2bb8c16585f9e19c1af73bde0cdd62e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe

Filesize
184KB

MD5
02e79f64703b318b1123b706d7de98b5

SHA1
440bf73b995e6a189e133ac9d4d6c6df8fdaccc5

SHA256
13000e2a49a1e9a9e7b0a47778ce62e2e6ef1e597c681e5ab3c02f7c33c64eea

SHA512
2ba916624fa416ecfc141345edc752c1e990936c8bb2ecb2662e321e6deb36aa3bbdbc1ec2ee1373cf70407350448c556a39d803b174aaf07e6a9360246b5ba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48107.exe

Filesize
184KB

MD5
efe4be72fdbc23cb048a19205fa218f1

SHA1
91dec39e10bb43b9eb5113ff474ad27c627ea1ca

SHA256
2c043df6dc283898f94c9541a809de6548327d65fca61416c7b8dd4607d3f0fc

SHA512
87c76f8674acc86ddc98cfc89634129b7e46c60878a00d5c526cdcd045733d7a3affdb426ec86fe8e879963627d08442ba87f2957817a4b6c2cf9cb15093a724

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe

Filesize
184KB

MD5
4085a272fa6da1fa729af5a68cb89541

SHA1
dd4124da2a43a2cfdf0d5ac410a6037140afb859

SHA256
d49c8cd37d348c3572e9fd588bbdfaaf393815365d0b07610ab822c87cb75ef5

SHA512
93ed1c3178a7849df17aee327c5ca23fb03ff1c87f54cd76bbd39a12d3c42226ed98c19b039006b1f28c9d9347c2f541c7da2b1cb2053f8ef226dfaa6ae4ed0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe

Filesize
184KB

MD5
741adadf201350fcae6c5c27032d9d16

SHA1
3e596e18480a76b97b86d007b92a648fd243f9cb

SHA256
cf4b7dd29738507bf93fb4fb67e13e157c7e8403d129cc24b16ce0c2fb407d8d

SHA512
2072f06b1b215968d734ea47fb3aa36142036f738c371687f449abf33ba3f502b04333a4ae9c3c59606e0fc001e07989a84f31b9c9995421463923c7d9512d0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe

Filesize
184KB

MD5
5c8ea4960c5403d0ba1283f3d013ae97

SHA1
106a460dd0b43cdebf2f07453e703ae1555614c9

SHA256
97f68023f55f5b798e0bd9f3ed64c9d8b5834158c938617fbec2a55458ad528f

SHA512
e7275f294ba419af227c5145aab782291a4f14205ca9412bf21fe2d4a3795f174b09fe4014a474336bd8c04e99ce85c973844242e4078e96a1b9eaefd0dce483

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54283.exe

Filesize
184KB

MD5
ef76be619a4f7702977475eadcd37eef

SHA1
56ecfee948f091654f88b2c6f9f61c0d9a1c6680

SHA256
d1c0a3510eecdafb12169380cc1e7581f39651f63267b69dec78dc09a6f552ff

SHA512
2283f018800c05e8ae5a3b660446fcd8d0f97cb7db2b8de89bce0f966337a9a3e1e84a9426715e071ef17f333c778eae6121f8dac5ec062659bf903dfaa9e244

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe

Filesize
184KB

MD5
1009e696f22d6f9fe212eb2be365135c

SHA1
d35575eb67fb3ab59ed0ae34a780a3ff67d8272a

SHA256
1a6bbcf7c4e47b17fc043ab0f997c4f13e5dc3259ae1fb26a9f6d5a2e170d40b

SHA512
515a1275864de68eb7b76c4c86d35c0e1c76495ca93b45b4c47402d39cb97cc77e2e083a95ff33d610cd39c769bb039ae0851c6ba903e155bc82886673363e25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe

Filesize
184KB

MD5
8ba615efccc86c0888dac02fa9446ab1

SHA1
597950be1f7d3b299046503ac37c8a515a8ebb47

SHA256
c288e5d6b97fb7a6364467731536c9047b5eed94986d764279bc01f18ccb40f8

SHA512
0cd8c86fe684628505aa126b0bcda5c19edcdc4bbb7bba74273829649d2454c3fa5c4d19abdfe4545399b13d21645472c9b0dc4806fe82de7747fa3893db5a60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60382.exe

Filesize
184KB

MD5
e3cbdc9fa0512c558818849c88f98429

SHA1
5b9a4d72f7a2512c79fb8731c6370ae93628d807

SHA256
a9fab57e4ab2a291ef7376a7398bc27a9cad65c47a2907a2d1d1a3a352ed7eb0

SHA512
c70f7960e09cfd01cc00f60ca58638e82aa060fde920b0d7041555a3a3f9603646bd6441f32073fc11eb3402529a6500a64ce6d053be3d104290f3a2870ba52e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60661.exe

Filesize
184KB

MD5
efe7a27773a9679e21e0dfef88190d0e

SHA1
f62078ceeafa157f0cebd2c87122c980fdf1b015

SHA256
ee4a24857847f6270e76095b11ae5aeba1e80392702b4051c60423e0bcc06aa5

SHA512
f8df55130b287a6c8d731883bf43e5c0db8240b1c138173f28a5401d1a1f384a10842a84a730f3751f0a795545bd832f794675041add9e6ad838ffe0230a2f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61828.exe

Filesize
184KB

MD5
a37ed9a8420d935195c5f02fb7138f8a

SHA1
a7106b58c327cb0ecb08098b9398327af159437c

SHA256
fabda734efea88e7524b9ffe8fb53929d5438eaeeeba81256fd0305f910f8d39

SHA512
2a70f5a3f6dc23b89ddd5a83c6c7e6db612f08821226bf42ec69597e50674b4324bbad6a33834b0df906417c46b3be63235cff5f8e51757545ef1dfd2d347ea4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65170.exe

Filesize
184KB

MD5
03dfd8b3c8185ef0d7d2c777cd5cc110

SHA1
78742578810fddce38fe78babb9bdab040843f84

SHA256
d595d0726dc5d0b8002c9eaf98705da646c2c8766ac4f83c6e1fb407d26ad2c2

SHA512
2f57d45e8f4a8ff71b46211830d458587c180924aa0cbe7d5577e6e9513b51fbc0f541847291244739ba7186c59a0343f1078198921f526a9143185515b8dfe2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe

Filesize
184KB

MD5
2bd8b4f2a5e2f96160e60ffeacc67de2

SHA1
ed866a370968cbf4d480c94b3d1f56924370c66d

SHA256
95b6b8aebfc4439cb33e2a001fab8a9dd6ecca01f01abb0fdb06a10b90eb28dd

SHA512
87c072ce471381a9c8f87ab0523f17f33b6e70255784f53acc2d737423c204b22f359f33595640609fb9a7082186262255b7b80042c6b7fb26b14dbd1070fb2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe

Filesize
184KB

MD5
83bc0f05d7856df18ea98e8456842202

SHA1
667329d2aad504531921d6c6f1b795f489cb30cb

SHA256
87c33e6126acaa89171f436bc908e9402134644fce3b358033f838640b7649ed

SHA512
710ede31f3bad012d82571764369a36f04e7946bc5c840f41a782648e56b6bf3e5bf64c128eb909d729c57d5e7d46a70d05a4ee088475a16333363559d209bea

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads