9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 10:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41_NeikiAnalytics.exe
Size

468KB
MD5

8340a5b798ed4adfecb8ae42592ba680
SHA1

d0008f839d1df39b6641ed688df771b1b2544979
SHA256

9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41
SHA512

9e48e0aba157cd1cfa1bae2e612b25bd0ac2dff6d1ebdb515d1a284e98eff64938065bbfa9b8ce9b96e43361916537c0666d852815cce3ce11d278cafbf458cb
SSDEEP

3072:abACogldI03YtbY2yzcjyfT/fChh4Ippn1HCOVh8peNLMSFNiJlH:ab1o1OYtBy4jyfX0ivpepHFNi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2412	Unicorn-39093.exe
3748	Unicorn-8532.exe
2620	Unicorn-29507.exe
4320	Unicorn-10644.exe
60	Unicorn-49439.exe
696	Unicorn-35703.exe
4640	Unicorn-46332.exe
996	Unicorn-42845.exe
1664	Unicorn-6643.exe
3104	Unicorn-26509.exe
4740	Unicorn-5896.exe
436	Unicorn-28546.exe
3728	Unicorn-9715.exe
3260	Unicorn-31553.exe
5088	Unicorn-25422.exe
3148	Unicorn-16369.exe
4824	Unicorn-21007.exe
3440	Unicorn-44765.exe
2424	Unicorn-22298.exe
3488	Unicorn-28429.exe
1308	Unicorn-53488.exe
1548	Unicorn-15985.exe
2764	Unicorn-15985.exe
4524	Unicorn-52171.exe
4880	Unicorn-61101.exe
4732	Unicorn-41235.exe
1780	Unicorn-3467.exe
4328	Unicorn-2396.exe
4916	Unicorn-31731.exe
5056	Unicorn-51597.exe
4980	Unicorn-59500.exe
2256	Unicorn-51405.exe
2264	Unicorn-34877.exe
1456	Unicorn-36915.exe
3228	Unicorn-42853.exe
2532	Unicorn-2375.exe
5012	Unicorn-48281.exe
5092	Unicorn-20055.exe
5116	Unicorn-27669.exe
1096	Unicorn-28223.exe
2828	Unicorn-48089.exe
3756	Unicorn-19309.exe
4236	Unicorn-23128.exe
3236	Unicorn-23393.exe
4364	Unicorn-2780.exe
4296	Unicorn-59387.exe
2900	Unicorn-6864.exe
4776	Unicorn-49935.exe
4032	Unicorn-30599.exe
3444	Unicorn-36199.exe
2260	Unicorn-25238.exe
968	Unicorn-31369.exe
1428	Unicorn-6864.exe
1608	Unicorn-19671.exe
2124	Unicorn-55747.exe
2928	Unicorn-61877.exe
3352	Unicorn-29013.exe
2232	Unicorn-8400.exe
824	Unicorn-29567.exe
3032	Unicorn-61685.exe
2024	Unicorn-4871.exe
3816	Unicorn-18606.exe
932	Unicorn-24737.exe
3948	Unicorn-15806.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
5324	3352	WerFault.exe	149
7048	5996	WerFault.exe	228
15648	14268	WerFault.exe	673
17264	14196	WerFault.exe	668
17224	16932	WerFault.exe	810
16456	16120	WerFault.exe	836

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	17208	dwm.exe
Token: SeChangeNotifyPrivilege	17208	dwm.exe
Token: 33	17208	dwm.exe
Token: SeIncBasePriorityPrivilege	17208	dwm.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3888	9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41_NeikiAnalytics.exe
2412	Unicorn-39093.exe
2620	Unicorn-29507.exe
3748	Unicorn-8532.exe
4320	Unicorn-10644.exe
696	Unicorn-35703.exe
60	Unicorn-49439.exe
4640	Unicorn-46332.exe
996	Unicorn-42845.exe
1664	Unicorn-6643.exe
3104	Unicorn-26509.exe
4740	Unicorn-5896.exe
3728	Unicorn-9715.exe
436	Unicorn-28546.exe
3260	Unicorn-31553.exe
5088	Unicorn-25422.exe
3148	Unicorn-16369.exe
4824	Unicorn-21007.exe
3440	Unicorn-44765.exe
3488	Unicorn-28429.exe
2424	Unicorn-22298.exe
4524	Unicorn-52171.exe
2764	Unicorn-15985.exe
1308	Unicorn-53488.exe
4880	Unicorn-61101.exe
1780	Unicorn-3467.exe
4732	Unicorn-41235.exe
1548	Unicorn-15985.exe
4328	Unicorn-2396.exe
5056	Unicorn-51597.exe
4916	Unicorn-31731.exe
4980	Unicorn-59500.exe
2256	Unicorn-51405.exe
2264	Unicorn-34877.exe
1456	Unicorn-36915.exe
3228	Unicorn-42853.exe
2532	Unicorn-2375.exe
5012	Unicorn-48281.exe
5092	Unicorn-20055.exe
5116	Unicorn-27669.exe
2828	Unicorn-48089.exe
1096	Unicorn-28223.exe
3756	Unicorn-19309.exe
4236	Unicorn-23128.exe
4296	Unicorn-59387.exe
4364	Unicorn-2780.exe
3236	Unicorn-23393.exe
2900	Unicorn-6864.exe
4776	Unicorn-49935.exe
1608	Unicorn-19671.exe
3444	Unicorn-36199.exe
2260	Unicorn-25238.exe
4032	Unicorn-30599.exe
1428	Unicorn-6864.exe
968	Unicorn-31369.exe
2124	Unicorn-55747.exe
2928	Unicorn-61877.exe
3352	Unicorn-29013.exe
2232	Unicorn-8400.exe
824	Unicorn-29567.exe
2024	Unicorn-4871.exe
3032	Unicorn-61685.exe
3816	Unicorn-18606.exe
220	Unicorn-4124.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3888 wrote to memory of 2412	3888	9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41_NeikiAnalytics.exe	88
PID 3888 wrote to memory of 2412	3888	9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41_NeikiAnalytics.exe	88
PID 3888 wrote to memory of 2412	3888	9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41_NeikiAnalytics.exe	88
PID 2412 wrote to memory of 3748	2412	Unicorn-39093.exe	91
PID 2412 wrote to memory of 3748	2412	Unicorn-39093.exe	91
PID 2412 wrote to memory of 3748	2412	Unicorn-39093.exe	91
PID 3888 wrote to memory of 2620	3888	9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41_NeikiAnalytics.exe	92
PID 3888 wrote to memory of 2620	3888	9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41_NeikiAnalytics.exe	92
PID 3888 wrote to memory of 2620	3888	9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41_NeikiAnalytics.exe	92
PID 3748 wrote to memory of 4320	3748	Unicorn-8532.exe	94
PID 3748 wrote to memory of 4320	3748	Unicorn-8532.exe	94
PID 3748 wrote to memory of 4320	3748	Unicorn-8532.exe	94
PID 3888 wrote to memory of 60	3888	9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41_NeikiAnalytics.exe	95
PID 3888 wrote to memory of 60	3888	9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41_NeikiAnalytics.exe	95
PID 3888 wrote to memory of 60	3888	9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41_NeikiAnalytics.exe	95
PID 2412 wrote to memory of 696	2412	Unicorn-39093.exe	96
PID 2412 wrote to memory of 696	2412	Unicorn-39093.exe	96
PID 2412 wrote to memory of 696	2412	Unicorn-39093.exe	96
PID 2620 wrote to memory of 4640	2620	Unicorn-29507.exe	99
PID 2620 wrote to memory of 4640	2620	Unicorn-29507.exe	99
PID 2620 wrote to memory of 4640	2620	Unicorn-29507.exe	99
PID 4320 wrote to memory of 996	4320	Unicorn-10644.exe	100
PID 4320 wrote to memory of 996	4320	Unicorn-10644.exe	100
PID 4320 wrote to memory of 996	4320	Unicorn-10644.exe	100
PID 3748 wrote to memory of 1664	3748	Unicorn-8532.exe	102
PID 3748 wrote to memory of 1664	3748	Unicorn-8532.exe	102
PID 3748 wrote to memory of 1664	3748	Unicorn-8532.exe	102
PID 696 wrote to memory of 3104	696	Unicorn-35703.exe	101
PID 696 wrote to memory of 3104	696	Unicorn-35703.exe	101
PID 696 wrote to memory of 3104	696	Unicorn-35703.exe	101
PID 2412 wrote to memory of 436	2412	Unicorn-39093.exe	103
PID 2412 wrote to memory of 436	2412	Unicorn-39093.exe	103
PID 2412 wrote to memory of 436	2412	Unicorn-39093.exe	103
PID 60 wrote to memory of 4740	60	Unicorn-49439.exe	104
PID 60 wrote to memory of 4740	60	Unicorn-49439.exe	104
PID 60 wrote to memory of 4740	60	Unicorn-49439.exe	104
PID 3888 wrote to memory of 3728	3888	9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41_NeikiAnalytics.exe	105
PID 3888 wrote to memory of 3728	3888	9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41_NeikiAnalytics.exe	105
PID 3888 wrote to memory of 3728	3888	9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41_NeikiAnalytics.exe	105
PID 4640 wrote to memory of 3260	4640	Unicorn-46332.exe	106
PID 4640 wrote to memory of 3260	4640	Unicorn-46332.exe	106
PID 4640 wrote to memory of 3260	4640	Unicorn-46332.exe	106
PID 2620 wrote to memory of 5088	2620	Unicorn-29507.exe	107
PID 2620 wrote to memory of 5088	2620	Unicorn-29507.exe	107
PID 2620 wrote to memory of 5088	2620	Unicorn-29507.exe	107
PID 996 wrote to memory of 3148	996	Unicorn-42845.exe	108
PID 996 wrote to memory of 3148	996	Unicorn-42845.exe	108
PID 996 wrote to memory of 3148	996	Unicorn-42845.exe	108
PID 4320 wrote to memory of 4824	4320	Unicorn-10644.exe	109
PID 4320 wrote to memory of 4824	4320	Unicorn-10644.exe	109
PID 4320 wrote to memory of 4824	4320	Unicorn-10644.exe	109
PID 1664 wrote to memory of 3440	1664	Unicorn-6643.exe	110
PID 1664 wrote to memory of 3440	1664	Unicorn-6643.exe	110
PID 1664 wrote to memory of 3440	1664	Unicorn-6643.exe	110
PID 3748 wrote to memory of 2424	3748	Unicorn-8532.exe	111
PID 3748 wrote to memory of 2424	3748	Unicorn-8532.exe	111
PID 3748 wrote to memory of 2424	3748	Unicorn-8532.exe	111
PID 4740 wrote to memory of 3488	4740	Unicorn-5896.exe	112
PID 4740 wrote to memory of 3488	4740	Unicorn-5896.exe	112
PID 4740 wrote to memory of 3488	4740	Unicorn-5896.exe	112
PID 60 wrote to memory of 1308	60	Unicorn-49439.exe	113
PID 60 wrote to memory of 1308	60	Unicorn-49439.exe	113
PID 60 wrote to memory of 1308	60	Unicorn-49439.exe	113
PID 3728 wrote to memory of 1548	3728	Unicorn-9715.exe	114

C:\Users\Admin\AppData\Local\Temp\9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9356626a426bb1d2f854ac9b60eed299c283850ef25f633781bd4852cc9adb41_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39093.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39093.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8532.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10644.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42845.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16369.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51405.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24737.exe
        8⤵
        Executes dropped EXE
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        9⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43009.exe
        10⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        11⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7511.exe
        11⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43912.exe
        10⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15679.exe
        10⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        9⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        10⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
        9⤵
        
        PID:12572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
        9⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
        8⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        9⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55780.exe
        9⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe
        9⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61139.exe
        8⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        8⤵
        
        PID:14436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        8⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
        8⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-92.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-92.exe
        9⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
        10⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        10⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58195.exe
        10⤵
        
        PID:17472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
        9⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38292.exe
        9⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
        9⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55240.exe
        8⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        9⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
        9⤵
        
        PID:17792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        8⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        9⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        8⤵
        
        PID:17040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
        8⤵
        
        PID:16912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
        7⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        8⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        9⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        9⤵
        
        PID:17760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        8⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3043.exe
        8⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        8⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        7⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
        7⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
        7⤵
        
        PID:17172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17700.exe
        7⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55747.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59905.exe
        7⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        8⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64441.exe
        9⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24769.exe
        10⤵
        
        PID:16000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6427.exe
        10⤵
        
        PID:17532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        9⤵
        
        PID:15724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
        8⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
        8⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14170.exe
        8⤵
        
        PID:18376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
        8⤵
        
        PID:16136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
        8⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        7⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
        8⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
        8⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10279.exe
        7⤵
        
        PID:16712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        7⤵
        
        PID:17772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56288.exe
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21089.exe
        7⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61945.exe
        8⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
        8⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        8⤵
        
        PID:16532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40636.exe
        8⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
        7⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56547.exe
        7⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
        7⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        6⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10352.exe
        7⤵
        
        PID:16964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        7⤵
        
        PID:17732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50564.exe
        6⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        6⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
        8⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23933.exe
        9⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        9⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5347.exe
        9⤵
        
        PID:17620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20106.exe
        8⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29444.exe
        8⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
        8⤵
        
        PID:17536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4591.exe
        7⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        8⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        9⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50200.exe
        9⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        8⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63319.exe
        8⤵
        
        PID:16484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24040.exe
        8⤵
        
        PID:17264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43881.exe
        8⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        8⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        7⤵
        
        PID:11956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
        6⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        8⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
        9⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        9⤵
        
        PID:14180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        9⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        8⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13011.exe
        8⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
        7⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
        8⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17719.exe
        8⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        7⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
        7⤵
        
        PID:17048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47107.exe
        6⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
        7⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38017.exe
        8⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20663.exe
        8⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
        7⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
        7⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        7⤵
        
        PID:16928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63247.exe
        7⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32779.exe
        6⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        7⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        7⤵
        
        PID:17800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
        6⤵
        
        PID:13976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36915.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53325.exe
        6⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59537.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10352.exe
        9⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15287.exe
        9⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        9⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        8⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
        8⤵
        
        PID:17524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
        7⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29546.exe
        7⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        6⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        7⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61717.exe
        8⤵
        
        PID:15800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27686.exe
        8⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        7⤵
        
        PID:13084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11787.exe
        7⤵
        
        PID:17176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10786.exe
        6⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58852.exe
        6⤵
        
        PID:12304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        5⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        6⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51104.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
        8⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
        8⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
        7⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        7⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58015.exe
        6⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        6⤵
        
        PID:13660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        6⤵
        
        PID:17780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        6⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4439.exe
        7⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41543.exe
        7⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14363.exe
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24040.exe
        6⤵
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52904.exe
        5⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
        6⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe
        6⤵
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50717.exe
        5⤵
        
        PID:11868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6643.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20461.exe
        7⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24125.exe
        9⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47315.exe
        9⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21491.exe
        9⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        9⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20298.exe
        8⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
        8⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12695.exe
        8⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17906.exe
        8⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        8⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        8⤵
        
        PID:17492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51627.exe
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        7⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8763.exe
        6⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16813.exe
        8⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
        9⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42257.exe
        10⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        10⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
        9⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        8⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
        8⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        8⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52500.exe
        7⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62189.exe
        8⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19763.exe
        8⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
        7⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
        7⤵
        
        PID:17036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        7⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1992.exe
        8⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
        8⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47996.exe
        7⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19763.exe
        7⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        7⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57492.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63777.exe
        6⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
        6⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14295.exe
        7⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37721.exe
        8⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        8⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
        7⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
        7⤵
        
        PID:14624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14170.exe
        7⤵
        
        PID:18420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12951.exe
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
        7⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        7⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32358.exe
        6⤵
        
        PID:9412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        6⤵
        
        PID:14120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
        5⤵
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61789.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        7⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
        8⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15679.exe
        8⤵
        
        PID:18352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        7⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59427.exe
        7⤵
        
        PID:16436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24040.exe
        7⤵
        
        PID:17240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        7⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        6⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41599.exe
        6⤵
        
        PID:17816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        6⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45612.exe
        6⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29750.exe
        5⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-159.exe
        5⤵
        
        PID:13420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48089.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        6⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41923.exe
        6⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38925.exe
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39827.exe
        7⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        7⤵
        
        PID:16776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40952.exe
        7⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63880.exe
        6⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33027.exe
        7⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        7⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29906.exe
        6⤵
        
        PID:14268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14268 -s 436
        7⤵
        Program crash
        
        PID:15648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45751.exe
        6⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46480.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28733.exe
        6⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 488
        7⤵
        Program crash
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7331.exe
        6⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        6⤵
        
        PID:14224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5347.exe
        6⤵
        
        PID:17592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22410.exe
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46444.exe
        6⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        6⤵
        
        PID:17736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51131.exe
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13371.exe
        5⤵
        
        PID:14208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
        5⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22677.exe
        6⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47233.exe
        7⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30263.exe
        7⤵
        
        PID:13380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        6⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        6⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39364.exe
        6⤵
        
        PID:18332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        5⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62189.exe
        6⤵
        
        PID:13804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
        6⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
        5⤵
        
        PID:16024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57936.exe
        5⤵
        
        PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
      4⤵
      PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30269.exe
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
        6⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
        7⤵
        
        PID:16216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
        7⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        6⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33498.exe
        6⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        5⤵
        
        PID:9444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5500.exe
        6⤵
        
        PID:16192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
        6⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        5⤵
        
        PID:14688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61788.exe
      4⤵
      PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12832.exe
        5⤵
        
        PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
        5⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44341.exe
        6⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
        6⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        5⤵
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
      4⤵
      PID:9584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
      4⤵
      PID:14168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35703.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15985.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        7⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
        8⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51893.exe
        9⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
        9⤵
        
        PID:13992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56535.exe
        9⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
        8⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        8⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13199.exe
        8⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64176.exe
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        7⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        7⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2546.exe
        7⤵
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30911.exe
        6⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        7⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51701.exe
        8⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
        9⤵
        
        PID:15816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        9⤵
        
        PID:17300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
        9⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55728.exe
        8⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
        8⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        7⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
        8⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        8⤵
        
        PID:17676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        7⤵
        
        PID:15516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4850.exe
        7⤵
        
        PID:17604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44663.exe
        6⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        7⤵
        
        PID:15064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        7⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3875.exe
        6⤵
        
        PID:10448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
        6⤵
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36199.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        6⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        8⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57979.exe
        8⤵
        
        PID:15168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5347.exe
        8⤵
        
        PID:17612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
        7⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58171.exe
        7⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
        7⤵
        
        PID:18392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
        6⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        7⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20663.exe
        7⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55576.exe
        7⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24870.exe
        6⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
        6⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64861.exe
        6⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
        7⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-435.exe
        7⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31196.exe
        7⤵
        
        PID:17420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47124.exe
        6⤵
        
        PID:11112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        6⤵
        
        PID:16128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        6⤵
        
        PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
        5⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        6⤵
        
        PID:14900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        6⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        5⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        5⤵
        
        PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32573.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
        8⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
        8⤵
        
        PID:13480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        8⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45972.exe
        7⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        7⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13199.exe
        7⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        6⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
        6⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        6⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11787.exe
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12567.exe
        5⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        5⤵
        
        PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49935.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5852.exe
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27825.exe
        7⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44597.exe
        8⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        8⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14747.exe
        7⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
        7⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18623.exe
        6⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7968.exe
        7⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19494.exe
        6⤵
        
        PID:13512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
        5⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe
        6⤵
        
        PID:11156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49636.exe
        6⤵
        
        PID:16156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        6⤵
        
        PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        5⤵
        
        PID:10408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53747.exe
        5⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8927.exe
        5⤵
        
        PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5395.exe
      4⤵
      PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        5⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2500.exe
        6⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
        7⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        7⤵
        
        PID:17488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
        6⤵
        
        PID:13596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        6⤵
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
        5⤵
        
        PID:11152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
        5⤵
        
        PID:16692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12819.exe
        5⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        5⤵
        
        PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
      4⤵
      PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        5⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        5⤵
        
        PID:16908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        5⤵
        
        PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
      4⤵
      PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42025.exe
      4⤵
      PID:14916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61101.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        6⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        7⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        8⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
        8⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
        8⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        7⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        7⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe
        7⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        7⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21119.exe
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        7⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        8⤵
        
        PID:14892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        8⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        7⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60796.exe
        7⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10786.exe
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        6⤵
        
        PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
        5⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28733.exe
        6⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        7⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28417.exe
        8⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        8⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59288.exe
        7⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
        7⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28124.exe
        7⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
        7⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58504.exe
        6⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
        6⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59163.exe
        6⤵
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47107.exe
        5⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
        6⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        6⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        6⤵
        
        PID:17512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1467.exe
        5⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
        6⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36371.exe
        6⤵
        
        PID:16188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55699.exe
        6⤵
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1946.exe
        5⤵
        
        PID:12536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28223.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        7⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55204.exe
        7⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59427.exe
        7⤵
        
        PID:16564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        7⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        6⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        7⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        7⤵
        
        PID:16916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29546.exe
        7⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
        6⤵
        
        PID:10716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        6⤵
        
        PID:16120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61960.exe
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49973.exe
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46216.exe
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58823.exe
        6⤵
        
        PID:212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        6⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49463.exe
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        5⤵
        
        PID:14188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        5⤵
        
        PID:9940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
      4⤵
      PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
        6⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
        7⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56320.exe
        7⤵
        
        PID:16772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5990.exe
        7⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
        6⤵
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
        6⤵
        
        PID:16524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58971.exe
        6⤵
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17279.exe
        5⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41887.exe
        5⤵
        
        PID:12372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
      4⤵
      PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
        5⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
        5⤵
        
        PID:13248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        5⤵
        
        PID:17336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        5⤵
        
        PID:10288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-394.exe
      4⤵
      PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
        5⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        5⤵
        
        PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
      4⤵
      PID:11960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7544.exe
      4⤵
      PID:3464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
        5⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        6⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23933.exe
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        7⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17599.exe
        7⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
        6⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        7⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15694.exe
        7⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
        6⤵
        
        PID:13448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
        6⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        6⤵
        
        PID:11572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
        5⤵
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        5⤵
        
        PID:13556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
      4⤵
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        5⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11488.exe
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        6⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14347.exe
        5⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        5⤵
        
        PID:13984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exe
        5⤵
        
        PID:10632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
      4⤵
      PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21193.exe
        5⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        6⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        6⤵
        
        PID:16932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16932 -s 72
        7⤵
        Program crash
        
        PID:17224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        6⤵
        
        PID:17168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        6⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7435.exe
        5⤵
        
        PID:11020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53807.exe
        5⤵
        
        PID:16504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        5⤵
        
        PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31556.exe
      4⤵
      PID:9616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4826.exe
      4⤵
      PID:14604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
      4⤵
      PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        6⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        7⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
        8⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
        7⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17599.exe
        7⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        6⤵
        
        PID:10956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
        6⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
        6⤵
        
        PID:16120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16120 -s 80
        7⤵
        Program crash
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        6⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        5⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51311.exe
        5⤵
        
        PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1851.exe
      4⤵
      PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        5⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        5⤵
        
        PID:12316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56151.exe
        5⤵
        
        PID:10100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
      4⤵
      PID:9388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
      4⤵
      PID:14564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
      4⤵
      PID:10824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
    3⤵
    PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
      4⤵
      PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
        5⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        5⤵
        
        PID:17824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
      4⤵
      PID:10472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
      4⤵
      PID:15324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13316.exe
    3⤵
    PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26429.exe
      4⤵
      PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22029.exe
        5⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        5⤵
        
        PID:17700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9843.exe
      4⤵
      PID:13400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16970.exe
      4⤵
      PID:18404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47966.exe
    3⤵
    PID:9848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41287.exe
    3⤵
    PID:13716
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31553.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61877.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59905.exe
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        8⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51893.exe
        9⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        9⤵
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
        8⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        8⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4850.exe
        8⤵
        
        PID:17580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54751.exe
        7⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9843.exe
        7⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22331.exe
        7⤵
        
        PID:18344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31679.exe
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16237.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59973.exe
        8⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9563.exe
        8⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64612.exe
        7⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        7⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
        7⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16458.exe
        6⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
        7⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
        7⤵
        
        PID:17628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52107.exe
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23343.exe
        6⤵
        
        PID:16492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29567.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        7⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43725.exe
        8⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
        8⤵
        
        PID:13968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        8⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
        7⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
        8⤵
        
        PID:16976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        8⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        7⤵
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        6⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
        7⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56320.exe
        7⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17038.exe
        7⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15654.exe
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        6⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
        6⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe
        5⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
        6⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62572.exe
        5⤵
        
        PID:14016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
        6⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51701.exe
        8⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        8⤵
        
        PID:14260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        8⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47176.exe
        7⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
        7⤵
        
        PID:16632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
        7⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51924.exe
        6⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10340.exe
        7⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60772.exe
        6⤵
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
        6⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41923.exe
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        6⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
        7⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        7⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        6⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24040.exe
        6⤵
        
        PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29906.exe
        5⤵
        
        PID:14196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14196 -s 464
        6⤵
        Program crash
        
        PID:17264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29607.exe
        5⤵
        
        PID:9856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18606.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-92.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-92.exe
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19761.exe
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        7⤵
        
        PID:13744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        6⤵
        
        PID:11332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
        6⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18483.exe
        5⤵
        
        PID:7616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
        6⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
        6⤵
        
        PID:16884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        6⤵
        
        PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
        5⤵
        
        PID:8796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44599.exe
        5⤵
        
        PID:9840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44804.exe
      4⤵
      PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        5⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        6⤵
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        6⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        5⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        5⤵
        
        PID:10560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
      4⤵
      PID:9048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
      4⤵
      PID:12340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4338.exe
      4⤵
      PID:10356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25422.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
        7⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        8⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30263.exe
        8⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        8⤵
        
        PID:17632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
        7⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
        7⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        7⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        6⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22345.exe
        7⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        7⤵
        
        PID:14528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        7⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10314.exe
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
        6⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12183.exe
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        6⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        7⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        7⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
        7⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        6⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
        6⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
        5⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
        6⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
        7⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        6⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23144.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41495.exe
        5⤵
        
        PID:14932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
        5⤵
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4871.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35291.exe
        5⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        6⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
        7⤵
        
        PID:14584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
        6⤵
        
        PID:13468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3566.exe
        6⤵
        
        PID:17836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51539.exe
        5⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58195.exe
        6⤵
        
        PID:17480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1239.exe
        5⤵
        
        PID:14676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
      4⤵
      PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        5⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8660.exe
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65204.exe
        6⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3058.exe
        6⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28047.exe
        5⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
        6⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        5⤵
        
        PID:16424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
        5⤵
        
        PID:6872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32779.exe
      4⤵
      PID:10664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
      4⤵
      PID:14000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59500.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59500.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29013.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3352
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 720
        5⤵
        Program crash
        
        PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61192.exe
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
        5⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
        6⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        6⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        6⤵
        
        PID:10788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17959.exe
        5⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
        5⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        5⤵
        
        PID:9380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-890.exe
      4⤵
      PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        5⤵
        
        PID:16212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
        5⤵
        
        PID:16800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61579.exe
        5⤵
        
        PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
      4⤵
      PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15175.exe
      4⤵
      PID:4448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15806.exe
    3⤵
    - Executes dropped EXE
    PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
      4⤵
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
        5⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        6⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        7⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        6⤵
        
        PID:15332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        6⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58032.exe
        5⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        5⤵
        
        PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52692.exe
      4⤵
      PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49479.exe
      4⤵
      PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
      4⤵
      PID:16696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
      4⤵
      PID:10756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23879.exe
    3⤵
    PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
      4⤵
      PID:8712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
        5⤵
        
        PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
      4⤵
      PID:12880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
      4⤵
      PID:9772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
    3⤵
    PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
      4⤵
      PID:14660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
      4⤵
      PID:17848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
    3⤵
    PID:14156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49439.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49439.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:60
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5896.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21805.exe
        6⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26822.exe
        7⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30705.exe
        8⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        8⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28070.exe
        8⤵
        
        PID:16728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16982.exe
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        7⤵
        
        PID:14048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        7⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        6⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        7⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        8⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        8⤵
        
        PID:17704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6691.exe
        7⤵
        
        PID:17724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29234.exe
        6⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
        7⤵
        
        PID:15912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        7⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        6⤵
        
        PID:13668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6023.exe
        5⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31525.exe
        7⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52080.exe
        7⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26178.exe
        7⤵
        
        PID:16700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        7⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        6⤵
        
        PID:12656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1718.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-827.exe
        6⤵
        
        PID:17684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22410.exe
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12064.exe
        6⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        7⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        7⤵
        
        PID:17768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64140.exe
        6⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31196.exe
        6⤵
        
        PID:17428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
        5⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        5⤵
        
        PID:11536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20055.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        5⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14155.exe
        7⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        8⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11595.exe
        8⤵
        
        PID:17448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        7⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        7⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe
        6⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14170.exe
        6⤵
        
        PID:18412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36377.exe
        6⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        7⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        6⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
        6⤵
        
        PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58032.exe
        5⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        5⤵
        
        PID:17804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
      4⤵
      PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6252.exe
        6⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
        7⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57811.exe
        7⤵
        
        PID:17456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        6⤵
        
        PID:12348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        6⤵
        
        PID:15664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22214.exe
        6⤵
        
        PID:9140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
        5⤵
        
        PID:11840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        5⤵
        
        PID:7684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
        5⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        5⤵
        
        PID:12132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19763.exe
        5⤵
        
        PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
      4⤵
      PID:8776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
      4⤵
      PID:11880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
      4⤵
      PID:10532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53488.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
        6⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        7⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        7⤵
        
        PID:16924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14170.exe
        7⤵
        
        PID:18384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        6⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        7⤵
        
        PID:412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50160.exe
        6⤵
        
        PID:16108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        6⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41871.exe
        5⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        6⤵
        
        PID:10656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20663.exe
        6⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62279.exe
        6⤵
        
        PID:17692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36931.exe
        5⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
        5⤵
        
        PID:15936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64812.exe
        5⤵
        
        PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
      4⤵
      PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        5⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        6⤵
        
        PID:8752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46024.exe
        6⤵
        
        PID:12980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        6⤵
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11955.exe
        5⤵
        
        PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        5⤵
        
        PID:9676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
      4⤵
      PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52049.exe
        5⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        5⤵
        
        PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
      4⤵
      PID:11300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
      4⤵
      PID:17048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33653.exe
      4⤵
      PID:9548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25238.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5852.exe
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51073.exe
        5⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        6⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46216.exe
        6⤵
        
        PID:12200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41543.exe
        6⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        5⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48624.exe
        5⤵
        
        PID:16340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        5⤵
        
        PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64351.exe
      4⤵
      PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61841.exe
        5⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
        6⤵
        
        PID:13796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        6⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        5⤵
        
        PID:11744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33948.exe
      4⤵
      PID:9476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57535.exe
      4⤵
      PID:13568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22207.exe
      4⤵
      PID:18364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5395.exe
    3⤵
    PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
      4⤵
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        5⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62936.exe
        5⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58195.exe
        5⤵
        
        PID:17500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
      4⤵
      PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8624.exe
        5⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        5⤵
        
        PID:17568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58171.exe
      4⤵
      PID:14952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
      4⤵
      PID:9324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
    3⤵
    PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8240.exe
      4⤵
      PID:16196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16202.exe
      4⤵
      PID:6656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
    3⤵
    PID:12144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61049.exe
    3⤵
    PID:16460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
    3⤵
    PID:4348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15985.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31369.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55053.exe
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32573.exe
        6⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        7⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        7⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        6⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        6⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12939.exe
        6⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2723.exe
        5⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49081.exe
        6⤵
        
        PID:16172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        6⤵
        
        PID:16716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        5⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
        5⤵
        
        PID:16736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        5⤵
        
        PID:15516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
      4⤵
      PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31909.exe
        5⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
        5⤵
        
        PID:12296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe
        5⤵
        
        PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42308.exe
      4⤵
      PID:9428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
      4⤵
      PID:14128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22189.exe
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32573.exe
        5⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53393.exe
        6⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56688.exe
        6⤵
        
        PID:14064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31196.exe
        6⤵
        
        PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39811.exe
        5⤵
        
        PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56164.exe
        5⤵
        
        PID:17316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55395.exe
        5⤵
        
        PID:17460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
      4⤵
      PID:9008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
      4⤵
      PID:11012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
      4⤵
      PID:16908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
    3⤵
    PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
      4⤵
      PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        5⤵
        
        PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21519.exe
      4⤵
      PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
      4⤵
      PID:17344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
      4⤵
      PID:8116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61472.exe
    3⤵
    PID:7348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
      4⤵
      PID:16496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19326.exe
      4⤵
      PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
    3⤵
    PID:10604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
    3⤵
    PID:15776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26465.exe
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28489.exe
        5⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        6⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        6⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65019.exe
        6⤵
        
        PID:17560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45780.exe
        5⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
        6⤵
        
        PID:740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        5⤵
        
        PID:14868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
        5⤵
        
        PID:18428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64176.exe
      4⤵
      PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
        5⤵
        
        PID:11660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33106.exe
        5⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
        5⤵
        
        PID:10256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
      4⤵
      PID:12104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
      4⤵
      PID:15676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
      4⤵
      PID:3972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51332.exe
    3⤵
    PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32573.exe
      4⤵
      PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        5⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        5⤵
        
        PID:716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
      4⤵
      PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
      4⤵
      PID:15352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55576.exe
      4⤵
      PID:7844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16458.exe
    3⤵
    PID:8020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
      4⤵
      PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60796.exe
      4⤵
      PID:17712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
    3⤵
    PID:12060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
    3⤵
    PID:5240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34441.exe
    3⤵
    PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
      4⤵
      PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62225.exe
        5⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46216.exe
        5⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        5⤵
        
        PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
      4⤵
      PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17753.exe
        5⤵
        
        PID:16336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25243.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
        5⤵
        
        PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
      4⤵
      PID:14668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
    3⤵
    PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
      4⤵
      PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        5⤵
        
        PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
      4⤵
      PID:12640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47339.exe
      4⤵
      PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
      4⤵
      PID:11088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
    3⤵
    PID:9624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39959.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39959.exe
    3⤵
    PID:16352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53852.exe
    3⤵
    PID:17660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
  2⤵
  PID:5712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64861.exe
    3⤵
    PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
      4⤵
      PID:8540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63704.exe
      4⤵
      PID:13712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
    3⤵
    PID:11028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39059.exe
    3⤵
    PID:15884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
    3⤵
    PID:17436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
  2⤵
  PID:7512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
    3⤵
    PID:14908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
    3⤵
    PID:17752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
  2⤵
  PID:3496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19359.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19359.exe
  2⤵
  PID:14880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
  2⤵
  PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3352 -ip 3352
1⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5996 -ip 5996
1⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 14268 -ip 14268
1⤵
PID:14648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 14196 -ip 14196
1⤵
PID:16868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 16120 -ip 16120
1⤵
PID:3580

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:17208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10644.exe

Filesize
468KB

MD5
837f9d8a0aafbeb637e4ca017b1b6a3d

SHA1
e28c9dde41c7b8a6a181d382b9f36e1f54309bc3

SHA256
e528288c7ad7dde0572b81ec3de4890db81caba888a26b2534945deb24e155fb

SHA512
3481d5b2bbec81765f334ffab742c50fce9c70b7b796d5d429904b1acafaa102523e43eb812dfd651b83822d7c11116ed3c736017b105f30be90492fd8e64521

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15985.exe

Filesize
468KB

MD5
6ab8a0a9cb5edc8d96ac062823cb97c2

SHA1
7fa378fe5bc05ff9d2e9abbd597cbdba3ece76a7

SHA256
080491725162e6dd9431f4414dfbbea907beb22f8f2441ba629fa36265daceed

SHA512
97e9c93897073d1321eecc5890189697997352fe928d209c66862fb98e0ef58d6ae4de735c496a3b01cc9d24fbbf4927da1f7863af77599a2c4df4f4f4425fc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16369.exe

Filesize
468KB

MD5
bf432e460363398150983ae54df80848

SHA1
3ade02af51c0500f55a5b62868309713b33050ea

SHA256
642007c45b05b46c2a0e2f6e9dae20950fe6067dcdb32619754dc0f90393edaf

SHA512
354ca8c153bc6853d696744eb771e9b8c14c00d746bdea407779577be1ba799866a9418abb179ea5be157176baec64d9921fec1f11cb3b6e2203d047aebac686

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18623.exe

Filesize
468KB

MD5
701146cb7255fd545747c6850d555037

SHA1
81a2bf901477d18747f79810fb76af9d968e55eb

SHA256
ed986dea1b1c570d4d1dfc4e57dc33eadd1cd9b049b953cfe71dac4bdc3081fb

SHA512
60f2f2dda427b329aa0b3e0835e88cf17bce635d828ebb5f3afa999b82470365f36ce44dd7d51cbc1367ea3553c0dce23b82b48013e62425519de5b8cf4fcdc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe

Filesize
468KB

MD5
5f8884402c61240ede161270696d362f

SHA1
f43be583e2eb4744dc6d54cd217dc4cec90f2b26

SHA256
191b84a64e38a07814103a1b787ac99db635c6f4176ee31120699ca0a3d56278

SHA512
f898784f614bbc96db6d29180415545d2268fbb243ec839bdd32571c779fe0124c5beebf0c29808c5e525e46ff78e98f62c1ca2c55a6b8a8715b7fd9da34fe32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe

Filesize
468KB

MD5
885873d164da0a17e1905865f444fc05

SHA1
9fc142efd43d0caa7a923dbf9fbf41a1dea038e8

SHA256
a8aa81fd316140609f8b39da0a546d6b5dec314e6537089b830f51babf2aeaa3

SHA512
0718480a6dac94763a5697865ecffa66869d18bc26d0e087c86b1c705a46b7679dbc5440557348cdc305fa1fde754844fbe78902a995e709bf30b66da81d49c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe

Filesize
468KB

MD5
c5bddc6ac38b7bc3bdc1389b92004075

SHA1
63c3ea7118fd300126fc1d48477723d3b4966a0e

SHA256
9b64200256c1933ea2084b53af9aeb50af66aa51350489d399756752aca734e2

SHA512
8049733c8f00b65296b1b77ad6cbcc5b59b49f819985e4d11f243bfb14d206b6c01366a7776532c35ec696d3ce9c274b9f44efe8399d6a22140b7eef3768dad6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25422.exe

Filesize
468KB

MD5
728cafe59e8fee4181f2419d81975f3e

SHA1
cfb95d4dd0d394add7e84956e6dc2d67c124dee2

SHA256
9836d56da87143fc311262540eccbffabd15c921a69644528026180aff357bca

SHA512
24d5f56cc22a9e212a7b2aad2a03d87bffa92ccf183802a901c684d0f4d78e5ab3dc9098bb7d2f2c029107e0c40ae9ae263532ac9021743884248cd40cefc19a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe

Filesize
468KB

MD5
d9f2a65a8432dc61c342e15feec2e931

SHA1
99b50440716df952cd9699930a1342be1d968d83

SHA256
414760caa42fe133f1341337f32591a4dd2dc8d5fdfaf5e8653cd2252c4085a1

SHA512
a870fca76bae4dd36cb69db3facc5a294522a2cc471c70ca03320c92e445c2ca0e220c5bbcf8df1164db6eb9aa537df4b6cadab016aa5beefc41aa17050f1b24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe

Filesize
468KB

MD5
e2d43f72276d3a3da5fb4c89383d49ff

SHA1
9d9890899f6620447ea5b0446f82f9eefe18b9b0

SHA256
12624840344177198a00eeda4530b2e8358ce2a695b528b6d28c65416e1c92f6

SHA512
9d01f267ad8c918d115f72ac20c13f81fa91f68be8a8bd7f15ed25aed603a71b62bf81500742e9d09a6148b3b8d659a5b5e9c48987528161c83671acd2091410

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe

Filesize
468KB

MD5
e03fc2166278499d69823095c01fbbfb

SHA1
c4e8333788c9e2a0f5a8d63b6b1f3b5927c66645

SHA256
ca14c5f9ca57db91979bb5ad23dd0a3417d8c1c7a29de650bc1ee1ebd5a13a4b

SHA512
429a84cadef8f9f3f10d282912cdbb0478f5c4f64db46bd1c48ea4fcbb6debf1b6355e44db401123c4990dd08c92fdd8e83db0885c5244180a0751cce3e9cab4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe

Filesize
468KB

MD5
a038f199d210e7f57656c6b208a57be7

SHA1
cf9607ba33df521361c0760f65cdc490cf234c77

SHA256
2a8f7d61d972a0d9a310b1f9b8231088f4c37d932873fe0e567a7ba9106acbe8

SHA512
7353c6c05d9a46cc28234f61f3fcd514f827f9bbf44f44abdd107fab245877ed9f0013ca81e40a3e22e6253ecced478f8e65f15c7c81960bdc59c8f9c9097d34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31553.exe

Filesize
468KB

MD5
82a8e6a5e148ea1a5116efad728e8691

SHA1
f7ae872132c00481df6f21f0a4860536e6ee440a

SHA256
9a52360a1a6842a0067849523338cfb55b4df828ebe6f05199f038881e2d76ba

SHA512
8c9e9c09a2a227c7668159cfd06b213255a779930e5fdf271293a8345c5692b609cac961b746e77e273a2e9422b2083f9daa5109357cb65289dcdb9961a1f86d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe

Filesize
468KB

MD5
94933bba089529a5c697e36f100a97db

SHA1
fc026125a587fa0b9a3fbbfa7e76ce1c47e21fe2

SHA256
db51f361a2fbd483603354fa8ffe49c180d3524995754c3103d2a056e40692bf

SHA512
21ac749b33290cd523260b0ddebe39304c524de5609a9501df2f5bbd7467dcad50c2d281009045096097ab7b970357d2d00d581c946e3c634a466c5b17528cd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe

Filesize
468KB

MD5
faf224f35693a0db0f98c68215de57c0

SHA1
136dfbe18559078fc257a32a63bd0895d51a823b

SHA256
80334ba9888bbbb007839fd264e69d80ca39e19d118fbd2a843f0cef6cd8158d

SHA512
cd087adb291648ae171fa7f594dfda5cdae9230ef52e772510c6dc9a9abf2d34dcbf0cb2cedce6387b9899eeefb2fa8bf981287bab3a8ade9c0ac2f5bde6552e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35703.exe

Filesize
468KB

MD5
393744a7d819b15763edcbaa94a2d0ac

SHA1
334d0b62326de37a1ac142e61b045d978dda2b56

SHA256
96687070297fc4651beb2fa7913111f05291db689a5d2dfff0c1eb8e3e283862

SHA512
9e34695eb4059b10e68a8ccf87705382b516809e6f2af14c2180e365e36e7f023f68e10fb77eadcce9f1b0ffc31a0e2ef8960e50f4ebd4b7e6552f36e88d80e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39093.exe

Filesize
468KB

MD5
eb26ac772776d1e03b173a0d60a866cd

SHA1
6abda7300e020c3550d90aa62017e0a5fbd5ef34

SHA256
8a4b2c50a358ea7a377ff100748f48d4a5561506b8471339f96e8bc1efec68a1

SHA512
4aa967fb4462dff7ea8548ff66e55be5f5ce4b1dc6fdf5cf8649f3df58758721d0a133cb7cee0ac7a48f648e662cb7bf15fa967858a0e6f16f2eb78f345c70c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe

Filesize
468KB

MD5
a42d5e7971237d0f94296128e8389784

SHA1
ce58a92a5910f023d1c0f651b0de809f1e5d7626

SHA256
ead3402deb84ebfd4bb73c442d2b214b3f114665e8a7094c6144d2d45499c679

SHA512
808d2a6e0924bc87f36d7856501da5092b1935c2a463781d86ca8b77945a9446f67141af9f10a0f7edd145c3989b627357c9a357757d8e65515a34f2599e8aad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42845.exe

Filesize
468KB

MD5
87878e361d61945f67c0e31302e3c9a7

SHA1
2be9fff5aad40b08bc249e84c5dad7dfc1b9f5f9

SHA256
ba9e2e999d577d5b7ced91cf157ff386110eb0b21ba13d019c9cdffbfb74493b

SHA512
0a5d61aed2c039d21cbea875aab9e6cb943bf442b6c7384eb5dfac3fcf4d895bc56f2ea1ad49d15cdd99b2478c4027de814bbcaeb2292c18ae0c98e1154cc390

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe

Filesize
468KB

MD5
9c26dc3f389493e9a9f68b48b704a856

SHA1
12c0b61e931a4520942753fa67726fffc68113cf

SHA256
e48a8976116f940546a296fd3998c852166dea242616c0cc6df2ddc654b0b334

SHA512
02c156ea17d0d5abb773e5a979cde77625808b731579a867971320ddf3fe6d96d7f3f5496ede06aaeb76f80730e9cd3393dea3ede4626ee3eaca72ff7492b31d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46332.exe

Filesize
468KB

MD5
d4160ae197a70604935369c19650e657

SHA1
014123d3c4c90b23be1202eed8da91f6edd42186

SHA256
5e0cf9ea1e8b7554e03fef5db2b5e85609fbd28751131d8c68210e111940ae3c

SHA512
5d6a426d92a900b74cefc5132ba13e5bf83faca35f55f54b69af394690022e14852d09cabaa4e8d5230febf971ade902855bc965bf54bd09e18a24977b7a23da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe

Filesize
468KB

MD5
497eba256164cfd254f235b80505a717

SHA1
ecd9f7840bcfa1d1bc3d8faca4b815270a85b943

SHA256
9ce0c83a07c52e9eaa160af6619d87e2a00cb7440a2b4ac6cac10401330c1f2b

SHA512
b83532eebaac9458d071bdb2e2c7c6e3ebf45ac923faf557618b41017170191899abe29249053358254c46041102bc9acc6c87833b63becd2387bfe6cf40ef33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49439.exe

Filesize
468KB

MD5
ffccbc9d4b78489a5e537233e7dc1c8b

SHA1
7e8d95e2de1120fce21da5d929ec3ef72cd2cbc3

SHA256
d38299e57cf57227d9678cfcc29d03df9e84bcff7d833a06fe2946b397ff7bb0

SHA512
d66283b906fb6cf045ad07f01a88ee02318c4974a6b313e811a74d5d83ced2f9b87bdcff4ad4d0a4fbaa110b3255dbc8d9a0b71abfd2020b5e64309640d5bbb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51405.exe

Filesize
468KB

MD5
9f3f867ef27c8818085c0b98075fce00

SHA1
93426f9eac902f0a751ff0d877ae24eed26ba540

SHA256
5ce71ef0ccadd894d4c9088b9477ff370854b7d99b8f5c2fe8599edd529c2508

SHA512
9fd6378ee47fda21551dde7b4d3fb4e30402c9e587e7d97e9fe62fa36870b4d84058dd2fca7a60c3984fa9de433c307f2f08e5656833e3c389338108650c7b34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe

Filesize
468KB

MD5
c3e1cb1a237543564f03da5abc6e5469

SHA1
34f73afd937aa384c9e0eca61cb6b1a5b6794a91

SHA256
a277e88c93a04a0996d55fc10846bc092feee13d5e44748a357015f36e0f0401

SHA512
e205718432007e2149630e460f6e9e356d3c55bb31ddab05c43d741d019b2bc2bfa3be4e2c4cb219d99b3d1b605cd556715563d3e22d666656a02645d15fed42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe

Filesize
468KB

MD5
c3d6114313987d1a27323ca11cfce441

SHA1
fe5370911ab12c1da4d210566415e115c640524c

SHA256
d6a3ec156f3fa76e4f4932488c09e09521111d1c94298013c14dfe89716f8729

SHA512
872ccdacb3cb31e76d39e44eea252a16d511b1fa25950f6d24e18988f3463fe195f8f65d8edd91930db8d65da3cf06c690871a23f91da2eb3221c82841a6e6c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53488.exe

Filesize
468KB

MD5
1c61a871e8a9c0ce74d047d5119736aa

SHA1
0f592462b58368eeec0a7bda38a298f462b4bbba

SHA256
02021caf89d61c8d7b445f4ca6f1eb018e97878621ec8027a4d3a3c3f20b425d

SHA512
ae563b3d879af843aecd06ea9054386de26da7d5006512467bc15be98775aeab7df19283324de9977745b4adbab7ebeddc812512ff5f229bacddd6b89f3126cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5896.exe

Filesize
468KB

MD5
d4fd4951d93cd2a05ea3fd59338a6222

SHA1
772e798118dcde298f125735e466d068476e901f

SHA256
5a0848067a2c78797a84d51676f4c34d688d9ed48cf7bd6dd748103b92ecb1f3

SHA512
4cc76c2c7aa9b0cf8a9d193f4488588d8f3c22c59d7754b1197d10ae8857489aa806b747f5b571e87697a0d7e2e6d60dc419219a0a9829b0ed2d5a08b5fe1061

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59500.exe

Filesize
468KB

MD5
40ada7974a3f4bec865fd9c1c87b3112

SHA1
e7c3ef0b7129eb1df4856042f21df6873752f497

SHA256
a7bb343156514076f43559b580ee2da07b04705091da52447587f92517fb48f9

SHA512
e660f3c88e9b1d3548d350428323226074969fc17ec8cf78ad2f8f40967e4a260018ed5577099c970fc78a68433536ce410628e69027d29c0d202cefdea10878

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61101.exe

Filesize
468KB

MD5
d9e31f7f8a0e22000937137ab236d7e9

SHA1
0c28a4d13ba20df439336b097bd580f1582b07cf

SHA256
0f5224d88225019aef2a47c14946ed5cf85b8bf041ef50cf1ab9d573f1c0a61c

SHA512
9af9df962087b9b15770a1b2f32576d5d4fdd811247cfb76dacb26a4fdb20f1c880c72a31635e5ed46d95245cb6c8547aaa396bcdb3b2cf0839c1f2d7b665565

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6643.exe

Filesize
468KB

MD5
d395926a64fd34ff00165c99ff8800a1

SHA1
659973956fe9c4f4ed385dc0b7a5aab09116fdc8

SHA256
3c52dba198cb851274e2a66f77944c18fcb1737e510270d34dceedfe1b8d20d0

SHA512
0c8a3c7d49de07687adffeb765353df920d3e3df4736d59174279767441cffc69f87996cedb44b55277c9050fc4cc6d63e34c3139ee532b484563280071102c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8532.exe

Filesize
468KB

MD5
89654a7377e9fe42a8ba24efc70c0346

SHA1
fe1af4bcee1969dc2036b99d0ac09e9a223a4b36

SHA256
9af4aea39ef7e1a9aa820a85d5d1e0d190a4a163030793504307fe7d7a8e9533

SHA512
551f47b794108dd5dd988a55112432fca026ab567b1d79a32e7fa48b5d465eb56ee0af9695524509e80b4b2ad89c240fb27eb239fafcab75e1f863dbaac805d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe

Filesize
468KB

MD5
01560d8905299c94e2b1805640959de0

SHA1
86de3663b7acb2d9bdc464eec5047be74da5f8b6

SHA256
e6f4fe4c1958046b0e1ef4d53e862283772c35fe06d97eb10490cd68844c8f50

SHA512
c5effd222092e95732f27b73189263b096be8bbf28b86d28a07e8e26c90c1428194983a96ec4e0877fd5c7058811550dae70c92f50c26cac18728df7c0b98505

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads