408b4eceeda69c7baf4dcedea72174692d4aff2725e8de74807ec6d8d4a67d0e

Analysis

max time kernel
143s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c8f1e32d15dc081acc4e0f95aa091f0_NeikiAnalytics.exe
Size

184KB
MD5

5c8f1e32d15dc081acc4e0f95aa091f0
SHA1

1eed08bab7b30f9b547afd4645653b27aad0ee7b
SHA256

408b4eceeda69c7baf4dcedea72174692d4aff2725e8de74807ec6d8d4a67d0e
SHA512

af127743ebbc79676e7a30989798c072cac013c3503a4a342c3eca48f9a6523e7f974a4025c75631bd714f96a7a64711af2edc56f25fce462ec702fb5c6e7a5a
SSDEEP

3072:b5tH0conjxjMCU/tQoe81v8HlvnqnviuK:b5Fo1XU/S818HlPqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3188	Unicorn-10352.exe
1960	Unicorn-63217.exe
3424	Unicorn-10103.exe
948	Unicorn-9203.exe
2004	Unicorn-9203.exe
3320	Unicorn-21626.exe
3596	Unicorn-51698.exe
1428	Unicorn-27668.exe
1576	Unicorn-7994.exe
2148	Unicorn-60532.exe
4352	Unicorn-14019.exe
2412	Unicorn-13754.exe
1556	Unicorn-56898.exe
1800	Unicorn-57979.exe
3736	Unicorn-6369.exe
468	Unicorn-63620.exe
1356	Unicorn-43178.exe
644	Unicorn-15655.exe
4632	Unicorn-10017.exe
2236	Unicorn-3.exe
3312	Unicorn-3.exe
3792	Unicorn-16340.exe
4564	Unicorn-15764.exe
4556	Unicorn-61435.exe
3956	Unicorn-48171.exe
1056	Unicorn-39506.exe
3640	Unicorn-44788.exe
1300	Unicorn-5409.exe
1932	Unicorn-26807.exe
4868	Unicorn-11466.exe
4492	Unicorn-1171.exe
2616	Unicorn-62110.exe
1164	Unicorn-1363.exe
1620	Unicorn-27905.exe
3212	Unicorn-59810.exe
1956	Unicorn-7425.exe
3988	Unicorn-51332.exe
2972	Unicorn-14938.exe
2632	Unicorn-4243.exe
1412	Unicorn-53371.exe
1308	Unicorn-4435.exe
4664	Unicorn-33194.exe
4928	Unicorn-36532.exe
212	Unicorn-36532.exe
4584	Unicorn-62389.exe
1208	Unicorn-48654.exe
4544	Unicorn-36724.exe
756	Unicorn-59883.exe
208	Unicorn-52868.exe
4076	Unicorn-52868.exe
1692	Unicorn-48270.exe
2352	Unicorn-60071.exe
4904	Unicorn-43770.exe
3252	Unicorn-27626.exe
4168	Unicorn-11098.exe
1952	Unicorn-30004.exe
2152	Unicorn-46148.exe
2300	Unicorn-26282.exe
4768	Unicorn-11949.exe
2536	Unicorn-62676.exe
4748	Unicorn-56242.exe
4856	Unicorn-15203.exe
3720	Unicorn-57397.exe
1000	Unicorn-14554.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
10020	5904	WerFault.exe	252
11892	1228	WerFault.exe	251
1064	13408	WerFault.exe	679
18344	17864	WerFault.exe	951
2724	18096	WerFault.exe	1064
1836	16012	WerFault.exe	883
18128	2992	Process not Found	1165
8232	16012	Process not Found	883
8640	17760	Process not Found	1197

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found

Modifies data under HKEY_USERS 52 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 50,1329 10,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1512	Process not Found
Token: SeChangeNotifyPrivilege	1512	Process not Found
Token: 33	1512	Process not Found
Token: SeIncBasePriorityPrivilege	1512	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1240	5c8f1e32d15dc081acc4e0f95aa091f0_NeikiAnalytics.exe
3188	Unicorn-10352.exe
1960	Unicorn-63217.exe
3424	Unicorn-10103.exe
2004	Unicorn-9203.exe
948	Unicorn-9203.exe
3596	Unicorn-51698.exe
3320	Unicorn-21626.exe
1428	Unicorn-27668.exe
1576	Unicorn-7994.exe
2148	Unicorn-60532.exe
2412	Unicorn-13754.exe
1556	Unicorn-56898.exe
4352	Unicorn-14019.exe
1800	Unicorn-57979.exe
3736	Unicorn-6369.exe
468	Unicorn-63620.exe
1356	Unicorn-43178.exe
644	Unicorn-15655.exe
4632	Unicorn-10017.exe
2236	Unicorn-3.exe
3312	Unicorn-3.exe
4556	Unicorn-61435.exe
1056	Unicorn-39506.exe
4564	Unicorn-15764.exe
3792	Unicorn-16340.exe
3640	Unicorn-44788.exe
1300	Unicorn-5409.exe
1932	Unicorn-26807.exe
4868	Unicorn-11466.exe
1620	Unicorn-27905.exe
3212	Unicorn-59810.exe
1956	Unicorn-7425.exe
3988	Unicorn-51332.exe
2972	Unicorn-14938.exe
2632	Unicorn-4243.exe
1412	Unicorn-53371.exe
4664	Unicorn-33194.exe
1308	Unicorn-4435.exe
4584	Unicorn-62389.exe
4544	Unicorn-36724.exe
4076	Unicorn-52868.exe
4928	Unicorn-36532.exe
212	Unicorn-36532.exe
208	Unicorn-52868.exe
756	Unicorn-59883.exe
1208	Unicorn-48654.exe
1692	Unicorn-48270.exe
2352	Unicorn-60071.exe
4904	Unicorn-43770.exe
3252	Unicorn-27626.exe
4168	Unicorn-11098.exe
1952	Unicorn-30004.exe
2300	Unicorn-26282.exe
2152	Unicorn-46148.exe
4748	Unicorn-56242.exe
4768	Unicorn-11949.exe
2536	Unicorn-62676.exe
4856	Unicorn-15203.exe
3720	Unicorn-57397.exe
1000	Unicorn-14554.exe
2092	Unicorn-37677.exe
4864	Unicorn-14819.exe
4704	Unicorn-31083.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1240 wrote to memory of 3188	1240	5c8f1e32d15dc081acc4e0f95aa091f0_NeikiAnalytics.exe	87
PID 1240 wrote to memory of 3188	1240	5c8f1e32d15dc081acc4e0f95aa091f0_NeikiAnalytics.exe	87
PID 1240 wrote to memory of 3188	1240	5c8f1e32d15dc081acc4e0f95aa091f0_NeikiAnalytics.exe	87
PID 3188 wrote to memory of 1960	3188	Unicorn-10352.exe	88
PID 3188 wrote to memory of 1960	3188	Unicorn-10352.exe	88
PID 3188 wrote to memory of 1960	3188	Unicorn-10352.exe	88
PID 1240 wrote to memory of 3424	1240	5c8f1e32d15dc081acc4e0f95aa091f0_NeikiAnalytics.exe	89
PID 1240 wrote to memory of 3424	1240	5c8f1e32d15dc081acc4e0f95aa091f0_NeikiAnalytics.exe	89
PID 1240 wrote to memory of 3424	1240	5c8f1e32d15dc081acc4e0f95aa091f0_NeikiAnalytics.exe	89
PID 1960 wrote to memory of 2004	1960	Unicorn-63217.exe	91
PID 1960 wrote to memory of 2004	1960	Unicorn-63217.exe	91
PID 1960 wrote to memory of 2004	1960	Unicorn-63217.exe	91
PID 3424 wrote to memory of 948	3424	Unicorn-10103.exe	90
PID 3424 wrote to memory of 948	3424	Unicorn-10103.exe	90
PID 3424 wrote to memory of 948	3424	Unicorn-10103.exe	90
PID 3188 wrote to memory of 3320	3188	Unicorn-10352.exe	92
PID 3188 wrote to memory of 3320	3188	Unicorn-10352.exe	92
PID 3188 wrote to memory of 3320	3188	Unicorn-10352.exe	92
PID 1240 wrote to memory of 3596	1240	5c8f1e32d15dc081acc4e0f95aa091f0_NeikiAnalytics.exe	93
PID 1240 wrote to memory of 3596	1240	5c8f1e32d15dc081acc4e0f95aa091f0_NeikiAnalytics.exe	93
PID 1240 wrote to memory of 3596	1240	5c8f1e32d15dc081acc4e0f95aa091f0_NeikiAnalytics.exe	93
PID 948 wrote to memory of 1428	948	Unicorn-9203.exe	94
PID 948 wrote to memory of 1428	948	Unicorn-9203.exe	94
PID 948 wrote to memory of 1428	948	Unicorn-9203.exe	94
PID 1960 wrote to memory of 1576	1960	Unicorn-63217.exe	95
PID 1960 wrote to memory of 1576	1960	Unicorn-63217.exe	95
PID 1960 wrote to memory of 1576	1960	Unicorn-63217.exe	95
PID 3596 wrote to memory of 2148	3596	Unicorn-51698.exe	96
PID 3596 wrote to memory of 2148	3596	Unicorn-51698.exe	96
PID 3596 wrote to memory of 2148	3596	Unicorn-51698.exe	96
PID 3320 wrote to memory of 4352	3320	Unicorn-21626.exe	97
PID 3320 wrote to memory of 4352	3320	Unicorn-21626.exe	97
PID 3320 wrote to memory of 4352	3320	Unicorn-21626.exe	97
PID 1240 wrote to memory of 2412	1240	5c8f1e32d15dc081acc4e0f95aa091f0_NeikiAnalytics.exe	98
PID 1240 wrote to memory of 2412	1240	5c8f1e32d15dc081acc4e0f95aa091f0_NeikiAnalytics.exe	98
PID 1240 wrote to memory of 2412	1240	5c8f1e32d15dc081acc4e0f95aa091f0_NeikiAnalytics.exe	98
PID 3188 wrote to memory of 1556	3188	Unicorn-10352.exe	99
PID 3188 wrote to memory of 1556	3188	Unicorn-10352.exe	99
PID 3188 wrote to memory of 1556	3188	Unicorn-10352.exe	99
PID 2004 wrote to memory of 1800	2004	Unicorn-9203.exe	100
PID 2004 wrote to memory of 1800	2004	Unicorn-9203.exe	100
PID 2004 wrote to memory of 1800	2004	Unicorn-9203.exe	100
PID 3424 wrote to memory of 3736	3424	Unicorn-10103.exe	101
PID 3424 wrote to memory of 3736	3424	Unicorn-10103.exe	101
PID 3424 wrote to memory of 3736	3424	Unicorn-10103.exe	101
PID 1428 wrote to memory of 468	1428	Unicorn-27668.exe	102
PID 1428 wrote to memory of 468	1428	Unicorn-27668.exe	102
PID 1428 wrote to memory of 468	1428	Unicorn-27668.exe	102
PID 948 wrote to memory of 1356	948	Unicorn-9203.exe	103
PID 948 wrote to memory of 1356	948	Unicorn-9203.exe	103
PID 948 wrote to memory of 1356	948	Unicorn-9203.exe	103
PID 1576 wrote to memory of 644	1576	Unicorn-7994.exe	104
PID 1576 wrote to memory of 644	1576	Unicorn-7994.exe	104
PID 1576 wrote to memory of 644	1576	Unicorn-7994.exe	104
PID 1960 wrote to memory of 4632	1960	Unicorn-63217.exe	105
PID 1960 wrote to memory of 4632	1960	Unicorn-63217.exe	105
PID 1960 wrote to memory of 4632	1960	Unicorn-63217.exe	105
PID 2148 wrote to memory of 3312	2148	Unicorn-60532.exe	107
PID 4352 wrote to memory of 2236	4352	Unicorn-14019.exe	106
PID 2148 wrote to memory of 3312	2148	Unicorn-60532.exe	107
PID 2148 wrote to memory of 3312	2148	Unicorn-60532.exe	107
PID 4352 wrote to memory of 2236	4352	Unicorn-14019.exe	106
PID 4352 wrote to memory of 2236	4352	Unicorn-14019.exe	106
PID 2412 wrote to memory of 3792	2412	Unicorn-13754.exe	108

C:\Users\Admin\AppData\Local\Temp\5c8f1e32d15dc081acc4e0f95aa091f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5c8f1e32d15dc081acc4e0f95aa091f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10352.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10352.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63217.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9203.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57979.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32612.exe
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        9⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        9⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        9⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
        9⤵
        
        PID:16248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59317.exe
        9⤵
        
        PID:18324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        9⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        8⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        9⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        9⤵
        
        PID:15844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
        8⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        8⤵
        
        PID:13372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
        8⤵
        
        PID:17280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61070.exe
        7⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60967.exe
        8⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        9⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
        9⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
        9⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        9⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48843.exe
        8⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
        8⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        8⤵
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16705.exe
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
        8⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48075.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        7⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        7⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
        7⤵
        
        PID:17288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1859.exe
        7⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        8⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        8⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        8⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
        8⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37946.exe
        7⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        8⤵
        
        PID:18128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10881.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
        7⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
        7⤵
        
        PID:15680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
        7⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        6⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
        7⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20305.exe
        7⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        7⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        7⤵
        
        PID:17128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25835.exe
        6⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        6⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14554.exe
        6⤵
        
        PID:12432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        6⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59250.exe
        6⤵
        
        PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
        7⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
        8⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
        9⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1149.exe
        9⤵
        
        PID:14684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        9⤵
        
        PID:18108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30235.exe
        9⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        8⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        8⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
        8⤵
        
        PID:16756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
        8⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42954.exe
        7⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20170.exe
        7⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        7⤵
        
        PID:17260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
        6⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48414.exe
        8⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1409.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61611.exe
        7⤵
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
        6⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        6⤵
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
        6⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
        6⤵
        
        PID:16724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42228.exe
        6⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41668.exe
        7⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        7⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1601.exe
        7⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61310.exe
        7⤵
        
        PID:16060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50652.exe
        7⤵
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56779.exe
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        7⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
        7⤵
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55701.exe
        7⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
        6⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19185.exe
        6⤵
        
        PID:13924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
        6⤵
        
        PID:15820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21684.exe
        6⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40778.exe
        6⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
        6⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        6⤵
        
        PID:17176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59687.exe
        6⤵
        
        PID:18152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
        5⤵
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37253.exe
        5⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
        5⤵
        
        PID:18296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17174.exe
        5⤵
        
        PID:18416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15655.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51332.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        7⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        8⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
        9⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1882.exe
        9⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38622.exe
        9⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37684.exe
        9⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
        9⤵
        
        PID:17832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
        9⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65355.exe
        8⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42146.exe
        8⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54574.exe
        8⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        8⤵
        
        PID:17932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11677.exe
        8⤵
        
        PID:18096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18096 -s 212
        9⤵
        Program crash
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17562.exe
        7⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        8⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        8⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        8⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5780.exe
        8⤵
        
        PID:18124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        8⤵
        
        PID:18072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25857.exe
        7⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        7⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
        7⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
        7⤵
        
        PID:17512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        7⤵
        
        PID:18376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
        7⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35802.exe
        6⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52036.exe
        7⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62436.exe
        8⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        8⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        8⤵
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        8⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20570.exe
        7⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        7⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11146.exe
        7⤵
        
        PID:14668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        7⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
        7⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49362.exe
        6⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        7⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14797.exe
        7⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
        7⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
        7⤵
        
        PID:17916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29995.exe
        6⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        6⤵
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        6⤵
        
        PID:17704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15945.exe
        6⤵
        
        PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        6⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25450.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        8⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53803.exe
        8⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
        8⤵
        
        PID:17384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20333.exe
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
        7⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
        7⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
        7⤵
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        7⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17562.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31163.exe
        7⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        7⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17962.exe
        7⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27860.exe
        7⤵
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35458.exe
        6⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
        6⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
        6⤵
        
        PID:17668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65338.exe
        6⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
        6⤵
        
        PID:18272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
        6⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        5⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12819.exe
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48340.exe
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        7⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        7⤵
        
        PID:15648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36084.exe
        7⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
        6⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
        6⤵
        
        PID:12448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26116.exe
        6⤵
        
        PID:16004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
        5⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50923.exe
        6⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11652.exe
        6⤵
        
        PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34017.exe
        5⤵
        
        PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64119.exe
        5⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50316.exe
        5⤵
        
        PID:18396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        5⤵
        
        PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
        6⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26619.exe
        7⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47652.exe
        8⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        8⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        7⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        7⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7446.exe
        7⤵
        
        PID:16824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61751.exe
        7⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8726.exe
        8⤵
        
        PID:15576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20525.exe
        8⤵
        
        PID:17660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
        7⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
        7⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        7⤵
        
        PID:17088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
        6⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34961.exe
        6⤵
        
        PID:14884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
        6⤵
        
        PID:17420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35034.exe
        5⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24955.exe
        7⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41026.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18150.exe
        7⤵
        
        PID:17688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54587.exe
        6⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        6⤵
        
        PID:14872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
        6⤵
        
        PID:17500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
        6⤵
        
        PID:17892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        6⤵
        
        PID:14036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        6⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
        6⤵
        
        PID:18112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63518.exe
        5⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
        5⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60206.exe
        5⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
        5⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56085.exe
        5⤵
        
        PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53371.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
        5⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        6⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35028.exe
        6⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27962.exe
        6⤵
        
        PID:16660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60514.exe
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18948.exe
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4794.exe
        6⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
        6⤵
        
        PID:17392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        6⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43934.exe
        5⤵
        
        PID:8920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
        5⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17962.exe
        5⤵
        
        PID:16348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
        5⤵
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
        5⤵
        
        PID:17472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15793.exe
      4⤵
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10406.exe
        5⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47271.exe
        6⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        6⤵
        
        PID:15664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
        6⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
        5⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
        5⤵
        
        PID:12488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26116.exe
        5⤵
        
        PID:15864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26186.exe
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        5⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18532.exe
        5⤵
        
        PID:15352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53182.exe
        5⤵
        
        PID:17552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51010.exe
        5⤵
        
        PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
      4⤵
      PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
      4⤵
      PID:11844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
      4⤵
      PID:14488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
      4⤵
      PID:17964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21626.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4435.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3878.exe
        8⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        9⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        9⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        9⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        9⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
        9⤵
        
        PID:13412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
        8⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
        8⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4980.exe
        8⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19110.exe
        8⤵
        
        PID:18112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        8⤵
        
        PID:17364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        8⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        8⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19812.exe
        8⤵
        
        PID:18076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
        7⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        7⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
        7⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4666.exe
        6⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10406.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45223.exe
        8⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11457.exe
        8⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        8⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3252.exe
        8⤵
        
        PID:16116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36615.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
        8⤵
        
        PID:17856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63051.exe
        7⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        7⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
        7⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        7⤵
        
        PID:17952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39362.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
        7⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
        7⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        7⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        7⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42683.exe
        6⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
        6⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
        6⤵
        
        PID:17984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54876.exe
        6⤵
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        6⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2835.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19684.exe
        8⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28602.exe
        8⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48050.exe
        8⤵
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        8⤵
        
        PID:17884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62530.exe
        8⤵
        
        PID:18160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        7⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        7⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        7⤵
        
        PID:17972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14195.exe
        7⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
        7⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
        7⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
        7⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        7⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2100.exe
        6⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
        6⤵
        
        PID:14956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6611.exe
        6⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
        6⤵
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18785.exe
        5⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10819.exe
        7⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37117.exe
        7⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16257.exe
        6⤵
        
        PID:8468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        6⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
        6⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36587.exe
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        6⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        6⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        6⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        6⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        5⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        5⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
        5⤵
        
        PID:14560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19564.exe
        5⤵
        
        PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14819.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        6⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        7⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
        7⤵
        
        PID:16776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10858.exe
        6⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
        6⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        6⤵
        
        PID:14320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49973.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61607.exe
        6⤵
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
        6⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
        6⤵
        
        PID:14796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46926.exe
        6⤵
        
        PID:18404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
        5⤵
        
        PID:8892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
        5⤵
        
        PID:14612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        5⤵
        
        PID:17908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31083.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10406.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55252.exe
        6⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        6⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13156.exe
        6⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
        5⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26116.exe
        5⤵
        
        PID:15880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
      4⤵
      PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40436.exe
        5⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1882.exe
        5⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37762.exe
        5⤵
        
        PID:14908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
        5⤵
        
        PID:17428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
        5⤵
        
        PID:6856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5754.exe
      4⤵
      PID:7552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61204.exe
      4⤵
      PID:11036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13385.exe
      4⤵
      PID:15004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16725.exe
      4⤵
      PID:17436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
      4⤵
      PID:5800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15764.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52868.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54926.exe
        6⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        7⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        7⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        7⤵
        
        PID:8
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe
        6⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4570.exe
        6⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2481.exe
        6⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        6⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28556.exe
        6⤵
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
        5⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61652.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23972.exe
        7⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7962.exe
        7⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16362.exe
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
        6⤵
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
        6⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        6⤵
        
        PID:17836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-369.exe
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42116.exe
        6⤵
        
        PID:11512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
        6⤵
        
        PID:15332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56053.exe
        6⤵
        
        PID:18000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
        6⤵
        
        PID:17928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31739.exe
        5⤵
        
        PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        5⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
        5⤵
        
        PID:15692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
        5⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
        5⤵
        
        PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
      4⤵
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10970.exe
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
        6⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13812.exe
        6⤵
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54398.exe
        6⤵
        
        PID:18280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63589.exe
        5⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5389.exe
        5⤵
        
        PID:18308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51771.exe
      4⤵
      PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        5⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
        5⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        5⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        5⤵
        
        PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33041.exe
      4⤵
      PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
      4⤵
      PID:10408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35492.exe
      4⤵
      PID:14900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
      4⤵
      PID:17516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
      4⤵
      PID:5772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
    3⤵
    - Executes dropped EXE
    PID:3956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12362.exe
      4⤵
      PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        5⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
        6⤵
        
        PID:18320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5949.exe
        6⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        5⤵
        
        PID:10368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        5⤵
        
        PID:13360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
        5⤵
        
        PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
      4⤵
      PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
      4⤵
      PID:8684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64338.exe
      4⤵
      PID:11944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36109.exe
      4⤵
      PID:15956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
      4⤵
      PID:1008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37677.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
      4⤵
      PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        5⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19754.exe
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15732.exe
        5⤵
        
        PID:13688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11453.exe
        5⤵
        
        PID:17716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37476.exe
        5⤵
        
        PID:17816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11546.exe
      4⤵
      PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
        5⤵
        
        PID:14252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
        5⤵
        
        PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
      4⤵
      PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19869.exe
      4⤵
      PID:14628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40565.exe
      4⤵
      PID:15860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35748.exe
    3⤵
    PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
      4⤵
      PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
      4⤵
      PID:10556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
      4⤵
      PID:13920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
      4⤵
      PID:17992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
    3⤵
    PID:8128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
    3⤵
    PID:11236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
    3⤵
    PID:14588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
    3⤵
    PID:3972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
    3⤵
    PID:2748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9203.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63620.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe
        6⤵
        Executes dropped EXE
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1667.exe
        7⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        8⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        8⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        8⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
        8⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59317.exe
        8⤵
        
        PID:18316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        8⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        7⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
        8⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36030.exe
        8⤵
        
        PID:17900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
        7⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21956.exe
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        7⤵
        
        PID:17164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        6⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        7⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        8⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
        8⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        7⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
        7⤵
        
        PID:13488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
        7⤵
        
        PID:17360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        6⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18151.exe
        7⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7645.exe
        7⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
        7⤵
        
        PID:15768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
        6⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47994.exe
        6⤵
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        6⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62110.exe
        5⤵
        Executes dropped EXE
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11677.exe
        6⤵
        
        PID:184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
        7⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 720
        8⤵
        Program crash
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
        7⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
        7⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
        7⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        7⤵
        
        PID:17916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        6⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18109.exe
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7446.exe
        6⤵
        
        PID:16592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57397.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
        6⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48404.exe
        7⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        7⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        7⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        7⤵
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
        6⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
        6⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        6⤵
        
        PID:15260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
        6⤵
        
        PID:17476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51540.exe
        6⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43115.exe
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59364.exe
        6⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43092.exe
        7⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46619.exe
        7⤵
        
        PID:15708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        7⤵
        
        PID:18092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3037.exe
        7⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48859.exe
        6⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20916.exe
        6⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        6⤵
        
        PID:15920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        6⤵
        
        PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47650.exe
        5⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53643.exe
        5⤵
        
        PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        5⤵
        
        PID:14088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46076.exe
        5⤵
        
        PID:15688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        5⤵
        Executes dropped EXE
        
        PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
        6⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
        7⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2433.exe
        7⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61291.exe
        7⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44498.exe
        7⤵
        
        PID:16672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
        7⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
        7⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
        6⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        6⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        6⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
        6⤵
        
        PID:16436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16077.exe
        6⤵
        
        PID:17760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
        5⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
        6⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39498.exe
        6⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
        7⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        7⤵
        
        PID:15852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        7⤵
        
        PID:18132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62594.exe
        6⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        6⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
        6⤵
        
        PID:16612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50460.exe
        6⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
        5⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        5⤵
        
        PID:9288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14554.exe
        5⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11453.exe
        5⤵
        
        PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15203.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        6⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        8⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64958.exe
        8⤵
        
        PID:15788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        7⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        7⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
        7⤵
        
        PID:16784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
        6⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52843.exe
        6⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64773.exe
        6⤵
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        6⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
        6⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        6⤵
        
        PID:13764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
        6⤵
        
        PID:16512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
        5⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        6⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39243.exe
        5⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        5⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
        5⤵
        
        PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14554.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36114.exe
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        6⤵
        
        PID:15872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        6⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-541.exe
        6⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        5⤵
        
        PID:9704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        5⤵
        
        PID:13900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7446.exe
        5⤵
        
        PID:16628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
        5⤵
        
        PID:17460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
      4⤵
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        5⤵
        
        PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
        5⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        5⤵
        
        PID:13392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58638.exe
        5⤵
        
        PID:17208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5946.exe
      4⤵
      PID:8076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13347.exe
      4⤵
      PID:11184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55740.exe
      4⤵
      PID:14676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
      4⤵
      PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59310.exe
      4⤵
      PID:7032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30004.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        6⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        7⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43092.exe
        8⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
        8⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1956.exe
        8⤵
        
        PID:17864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17864 -s 248
        9⤵
        Program crash
        
        PID:18344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        8⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
        8⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
        7⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
        7⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        7⤵
        
        PID:17152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55627.exe
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13123.exe
        7⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
        7⤵
        
        PID:16504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        7⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
        6⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34644.exe
        6⤵
        
        PID:13716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
        6⤵
        
        PID:15804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65019.exe
        5⤵
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        6⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26279.exe
        7⤵
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20781.exe
        7⤵
        
        PID:17064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
        7⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        6⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        6⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        6⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20161.exe
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45479.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
        6⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        5⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        5⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7446.exe
        5⤵
        
        PID:16700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26282.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52980.exe
        5⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
        6⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20305.exe
        6⤵
        
        PID:9800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        6⤵
        
        PID:17048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
        6⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25066.exe
        5⤵
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
        5⤵
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34644.exe
        5⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
        5⤵
        
        PID:16656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
      4⤵
      PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        5⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
        6⤵
        
        PID:11776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51694.exe
        6⤵
        
        PID:13728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56053.exe
        6⤵
        
        PID:17944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
        6⤵
        
        PID:18084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        5⤵
        
        PID:9628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
        5⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
        5⤵
        
        PID:16840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        5⤵
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
      4⤵
      PID:7676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
      4⤵
      PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60123.exe
      4⤵
      PID:13852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
      4⤵
      PID:16012
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16012 -s 484
        5⤵
        Program crash
        
        PID:1836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11466.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27828.exe
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21364.exe
        7⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
        7⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        7⤵
        
        PID:18348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        6⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
        6⤵
        
        PID:12880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27870.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34124.exe
        6⤵
        
        PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30074.exe
        5⤵
        
        PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53851.exe
        5⤵
        
        PID:10036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        5⤵
        
        PID:13944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
        5⤵
        
        PID:16708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54740.exe
        5⤵
        
        PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
        5⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        5⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
        5⤵
        
        PID:18272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13389.exe
        5⤵
        
        PID:18360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        5⤵
        
        PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
      4⤵
      PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47323.exe
      4⤵
      PID:11076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
      4⤵
      PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
      4⤵
      PID:1324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
      4⤵
      PID:6776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
        6⤵
        
        PID:12436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        6⤵
        
        PID:15832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        6⤵
        
        PID:18116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
        5⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31883.exe
        5⤵
        
        PID:12652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
        5⤵
        
        PID:17096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31610.exe
      4⤵
      PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42276.exe
        5⤵
        
        PID:16200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45886.exe
        5⤵
        
        PID:18208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65330.exe
        5⤵
        
        PID:7276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18769.exe
      4⤵
      PID:9676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61291.exe
      4⤵
      PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44498.exe
      4⤵
      PID:16740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
      4⤵
      PID:6128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
    3⤵
    PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        5⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
        5⤵
        
        PID:15460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
        5⤵
        
        PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
      4⤵
      PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
      4⤵
      PID:13732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
      4⤵
      PID:15900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
      4⤵
      PID:1844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
    3⤵
    PID:6640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
    3⤵
    PID:9580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
    3⤵
    PID:13308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22362.exe
    3⤵
    PID:16684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3029.exe
    3⤵
    PID:17860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60532.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52.exe
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        7⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
        7⤵
        
        PID:15932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35518.exe
        7⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-349.exe
        7⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27233.exe
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        6⤵
        
        PID:13996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        6⤵
        
        PID:17688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31404.exe
        6⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61076.exe
        6⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31172.exe
        7⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34973.exe
        7⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56053.exe
        7⤵
        
        PID:17920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62683.exe
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33889.exe
        6⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        6⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
        5⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
        6⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60382.exe
        6⤵
        
        PID:18140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe
        6⤵
        
        PID:17712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        5⤵
        
        PID:9684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        5⤵
        
        PID:12576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        5⤵
        
        PID:16816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        5⤵
        
        PID:17900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48654.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64900.exe
        5⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        6⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        6⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        6⤵
        
        PID:12692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
        6⤵
        
        PID:16260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59317.exe
        6⤵
        
        PID:18332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38138.exe
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50855.exe
        6⤵
        
        PID:11524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
        6⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43938.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7658.exe
        5⤵
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
        5⤵
        
        PID:15976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
      4⤵
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        5⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14458.exe
        5⤵
        
        PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        5⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
        5⤵
        
        PID:17276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
      4⤵
      PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
      4⤵
      PID:9260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14554.exe
      4⤵
      PID:12604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
      4⤵
      PID:4476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41444.exe
        5⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        6⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        6⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        6⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
        6⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59317.exe
        6⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
        6⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        5⤵
        
        PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
        5⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        5⤵
        
        PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
        5⤵
        
        PID:17264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4365.exe
      4⤵
      PID:400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        5⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3201.exe
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
        5⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        5⤵
        
        PID:17184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39700.exe
        5⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
        5⤵
        
        PID:12508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55746.exe
        5⤵
        
        PID:16404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        5⤵
        
        PID:18144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16746.exe
      4⤵
      PID:9332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
      4⤵
      PID:11616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
      4⤵
      PID:15588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
      4⤵
      PID:5644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62389.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
      4⤵
      PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45892.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        6⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
        7⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
        7⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
        7⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
        7⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        6⤵
        
        PID:10588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        6⤵
        
        PID:13896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        6⤵
        
        PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21722.exe
        5⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
        5⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43627.exe
        5⤵
        
        PID:14892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
        5⤵
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16093.exe
        5⤵
        
        PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41786.exe
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36244.exe
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        5⤵
        
        PID:13756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        5⤵
        
        PID:16448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
      4⤵
      PID:8348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62802.exe
      4⤵
      PID:13088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
      4⤵
      PID:15596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
      4⤵
      PID:5452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
    3⤵
    PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45892.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37012.exe
        5⤵
        
        PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        5⤵
        
        PID:13740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        5⤵
        
        PID:16468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29566.exe
        5⤵
        
        PID:17684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12090.exe
        5⤵
        
        PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25962.exe
      4⤵
      PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
      4⤵
      PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
      4⤵
      PID:15012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
      4⤵
      PID:18088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41378.exe
    3⤵
    PID:6264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46356.exe
      4⤵
      PID:12528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
      4⤵
      PID:16136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11101.exe
      4⤵
      PID:18336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18733.exe
    3⤵
    PID:9188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
    3⤵
    PID:12932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
    3⤵
    PID:16340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
    3⤵
    PID:14940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13754.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13754.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52868.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24615.exe
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        6⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        7⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
        7⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        7⤵
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17517.exe
        7⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
        6⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        6⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43051.exe
        6⤵
        
        PID:15016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18950.exe
        6⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49275.exe
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
        6⤵
        
        PID:13408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13408 -s 464
        7⤵
        Program crash
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        6⤵
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31163.exe
        5⤵
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10145.exe
        5⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18346.exe
        5⤵
        
        PID:16236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5434.exe
      4⤵
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62420.exe
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
        6⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        6⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        6⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        5⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        5⤵
        
        PID:15344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26881.exe
      4⤵
      PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
        5⤵
        
        PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
        5⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
        5⤵
        
        PID:15060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
        5⤵
        
        PID:15584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46139.exe
      4⤵
      PID:9036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
      4⤵
      PID:12216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
      4⤵
      PID:14472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
      4⤵
      PID:17680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
      4⤵
      PID:18172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
      4⤵
      PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        5⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4291.exe
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        6⤵
        
        PID:17328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        5⤵
        
        PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        5⤵
        
        PID:12732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
        5⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59317.exe
        5⤵
        
        PID:18372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        5⤵
        
        PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37754.exe
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
        5⤵
        
        PID:9280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53803.exe
        5⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
        5⤵
        
        PID:17400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
      4⤵
      PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34644.exe
      4⤵
      PID:13708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
      4⤵
      PID:16712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36153.exe
      4⤵
      PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18133.exe
      4⤵
      PID:17872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58194.exe
    3⤵
    PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1875.exe
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44820.exe
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        5⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        5⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
        5⤵
        
        PID:18276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        5⤵
        
        PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
      4⤵
      PID:8436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
      4⤵
      PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
      4⤵
      PID:15740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
      4⤵
      PID:13412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe
    3⤵
    PID:6564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24801.exe
    3⤵
    PID:5504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47802.exe
    3⤵
    PID:12392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
    3⤵
    PID:4604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58565.exe
    3⤵
    PID:388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
    3⤵
    PID:6352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39506.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39506.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54926.exe
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        5⤵
        
        PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48859.exe
        5⤵
        
        PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        5⤵
        
        PID:16832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
        5⤵
        
        PID:17460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
      4⤵
      PID:8120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
      4⤵
      PID:10640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11121.exe
      4⤵
      PID:13868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
      4⤵
      PID:4012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4365.exe
    3⤵
    PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-339.exe
      4⤵
      PID:1228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 720
        5⤵
        Program crash
        
        PID:11892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
      4⤵
      PID:7768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
      4⤵
      PID:11720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
      4⤵
      PID:15748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62375.exe
      4⤵
      PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62189.exe
      4⤵
      PID:5288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
    3⤵
    PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40455.exe
      4⤵
      PID:17192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
    3⤵
    PID:9692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55284.exe
    3⤵
    PID:15236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7068.exe
    3⤵
    PID:17820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
    3⤵
    PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45892.exe
      4⤵
      PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
        5⤵
        
        PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28602.exe
        5⤵
        
        PID:11528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48050.exe
        5⤵
        
        PID:15296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        5⤵
        
        PID:18024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42298.exe
      4⤵
      PID:9104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44725.exe
      4⤵
      PID:11368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
      4⤵
      PID:15132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20893.exe
      4⤵
      PID:6188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
    3⤵
    PID:6436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42210.exe
    3⤵
    PID:8464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38219.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38219.exe
    3⤵
    PID:13164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
    3⤵
    PID:15716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14733.exe
    3⤵
    PID:5424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
    3⤵
    PID:11788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5846.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5846.exe
  2⤵
  PID:5108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
    3⤵
    PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4835.exe
      4⤵
      PID:11148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
      4⤵
      PID:15032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
      4⤵
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41294.exe
      4⤵
      PID:17656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
    3⤵
    PID:8836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
    3⤵
    PID:12828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
    3⤵
    PID:16312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
    3⤵
    PID:6868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe
  2⤵
  PID:6808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12339.exe
    3⤵
    PID:11656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
    3⤵
    PID:15724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
  2⤵
  PID:9320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
  2⤵
  PID:12596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
  2⤵
  PID:1888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5904 -ip 5904
1⤵
PID:9840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1228 -ip 1228
1⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 13408 -ip 13408
1⤵
PID:14728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 17864 -ip 17864
1⤵
PID:18148

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Modifies data under HKEY_USERS
PID:17504
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 17504 -s 1332
  2⤵
  PID:18380

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Modifies data under HKEY_USERS
PID:1872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 18096 -ip 18096
1⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 16012 -ip 16012
1⤵
PID:8016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe

Filesize
184KB

MD5
9678badc1162a59dd8c0503de8d0689b

SHA1
98128a7b2fdb6e6d122ce341ea1750e133d1398a

SHA256
96c8588043f25b19e30563ebdf157efbad754dd2cb7d4304f99d80dce5922069

SHA512
23383ef25de7606d50e0430a46e149fa92478246778a203a5a07b466964f0c13b7d48d1b9e79f56d05d0bf23a6f58a3943c4461a2931b093750eb44f73b2b72c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe

Filesize
184KB

MD5
9cbd2d9f788b8adf463490763ac70121

SHA1
70c2a1287dda7dedd571ecfedc61ceb2bcd527e1

SHA256
dcbbbcaed981d3741324cfc14818b000299b2da8bae6f36688bd2af1a13043a2

SHA512
c6a9b640a2f6ddeba6e3994222abccc0c87f3eb375d95ac3e78d8db91d18efd0ab29db81c29805d5f45ea189db30135ba9b06ad223a729f62f219d7db48c6a38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10352.exe

Filesize
184KB

MD5
c85fef7e282a808907a5093904b970e0

SHA1
b726acd91e7de8b536a6230be5216eeb5b9e07b5

SHA256
e0068b34914ec56646712f4d412358ebf3373287e9e3b677c4b5769cdad53538

SHA512
37bd65f9bea0a658f0ef5da244db1521da087a2bec8706f4d481ad90cfd5d05ef4c9f0176c4f08069b57ce70960f1b6c5fe34295aed527646c4ccb5b931f097a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11466.exe

Filesize
184KB

MD5
8785290dcaabd7375c5aa72201d6e663

SHA1
0427aabbf3b9ff83cd9f1dae5f1a38ea1000b1cc

SHA256
533201b431ef6aa85ca8e1ba692a53fd55fcaba9c6bcb1849268c08354b9819c

SHA512
d42f51f1a3ed28d000409b4db5bd3eee39f6b8780619bda6c23cd723ff180bafa0e9db1e9d1159ed2de2dccc0fe6a43ee6589ceb6d84922d60e19d208af29b54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe

Filesize
184KB

MD5
06ff87d5b970e60d9414978206d2af01

SHA1
23dbdae3a1759d9a8ade5bfdfeef8970e4e517d5

SHA256
b142ca41b9b26bd570d8fe5039b881d119dd16802113c4b1acefb2f2f52439b4

SHA512
eb07d44703677a7284b242f729311476475f2948093cd8a83d0bd2e4ea8dc64457b0ebd12682590f7b8ff489316b08e84f7df09ef6c41d8d74168e099a18cb19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13754.exe

Filesize
184KB

MD5
90ac8399fe20a456925222dedd100bff

SHA1
4ef5f2f7c9f7c952c18fbfb7afc7c92ce46cb9e6

SHA256
068b6f518a96f5f1d944df2adc6d1d86a8ab2efcfc23366db842889952f9493e

SHA512
b43313b350422ab83dbd8d9538cce8688f5add63c11e42a13ebfdd46615f33982b106ac896209d266936585f07ccc8c311a810a5e7762d12d33946388e005e5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe

Filesize
184KB

MD5
adf14a572f34cdc9b69803737ebedd12

SHA1
6a1d9e927971047ee7b25cdff954daf6153f7d5b

SHA256
9914e890c47ae11e4ed1236a35f22e7150dfb6ee3eeba3df8c3b4b4203dfc043

SHA512
ddd734fa5869c87333cba9c85b37e8ea5f57aca3d739fa8b3def0f9712e613a36c60d0196ed23f974c0786fb3954a27e8615047a72a20f204a807f19b1c63e03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15655.exe

Filesize
184KB

MD5
fe331f413d66a367649205f2f4ed8bc6

SHA1
6efea19f25783ff05b60eda9bc17f705af0a677f

SHA256
c2fd01b876ab831fffeb49dc0ff07cb864e505d337ebe931b5743dd0570fc8e0

SHA512
6aba08232bb404eb57a687b6d5271e701a976afb891cea79f1ed16ee3b8bdb968862dec30fc94e52c6b766dd9b493814095efd8d8e3f3ad1fb044ca7c4d5088d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15764.exe

Filesize
184KB

MD5
16b4bb11189baa097cf41afa4af1647e

SHA1
450bb1af2d8a6852d4e4fcb7feab385b230558a2

SHA256
38ecc4095202be73aca9c890c892a29afbb2d37dd14480799cf3f54020468af0

SHA512
cc53d947928146cbc961c1d2654be9b1174ace15e74c81733c9dcca067e5cf1d9bb50320162e911cf02dd9b5d042a255e8c5d3a5a66b3289393c96fd49b89fb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe

Filesize
184KB

MD5
b3c5cca77fa499ea2223a6ff09a4c9ab

SHA1
ea33dd5dd5f1edd7bf9bf8cc194de572f2708c15

SHA256
87790a4778301f8b82d8d99ea79fe93f824f1f7ad3d88eabe66d0587fb575e9d

SHA512
83df2c26d719ba44843916c7113a8670ccc92ef7d4e155c712946dd6b671802df5113ac0039a4b48393f8dae795b024627f833c850f2671d9e7dc2c1ac8a010f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe

Filesize
184KB

MD5
cbe9ac8e2b8cd8df545c3373b565cc09

SHA1
32ed26e72e9ac95ed405764e2c8367777422f914

SHA256
9da97c287ea134f6825697251b8fe5ea9b620beac1b90e6f4a51c54d03c8cc2a

SHA512
40905297ef2d9ee06664a9ec8f492c3118d3bed570f8d608bae4e2bf026105d4dc2103f24dfc3d9d92958e8ddf2b79b7ad755491435e883f4c20032fc2a6a38b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21626.exe

Filesize
184KB

MD5
36a0eb63551c408ca62272ce30238082

SHA1
1d31de5ad1ad8ceea176b1890b963cb7997c0ee1

SHA256
d64acc64d7c0ffae22fefb73289f7cb2d6a89cdbeac76b4fe68aa055412770cb

SHA512
92f9aef442b9ff0c41b086970d01c327f0e5554e12ac1af41a1eedd455d205e6599dfbc850dbaf1272672bf4b2d934eb0dc889db4e5bd30672f70054292eec64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe

Filesize
184KB

MD5
4f7761ba220f1a8f90329d3b6beda40d

SHA1
cbf4e919f5c55107ef3c1b449e3c90b1463a0e65

SHA256
b4ba87273f3a973fdc1fdf9e457f45595a2d0fc387966611d85f0ef48c55e895

SHA512
a3df841ab748c8baee8e8339f2060f08bc220a6d998cb35393ede0a3e7776dec8b38c9f987afdf475044c15a1bf391bdb55db3a9561e832e32fd5d4a8a310db3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe

Filesize
184KB

MD5
cb163baef286b6eb76d000b3b002c341

SHA1
54813aadf69de7d914c6414f21062cd22008aff8

SHA256
7c3d056a4425ed5b684cdc022176a05ff9f7531ab04548bbf2cb5bf481bb6fca

SHA512
35618a014dc7f0bce08a7e540219ba8f175af25247516c5f2f67307d99b8465a797f451cecf0203941950b94fd11423d296e110a405d1b9422ebc5a64e9ef75f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe

Filesize
184KB

MD5
71ed3a642849d839b237872d7890baac

SHA1
c497046202304b481b4cfee193372c7b4c1b578e

SHA256
280ae84e251f23385e490519d576ec3b557db0c6705b319cead72c1f1b43080e

SHA512
519fc145395956c2fc23dcf7d4599c30c1393a57eeb460086ff4fbff01c0181f3f252b0d0d4806926205f3edecc181cdb0b803146404d10d8b094933b737e758

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39506.exe

Filesize
184KB

MD5
7d870d6cb02c2450326dac3062e4cf2a

SHA1
77043a6eab01397a219e5a331e399109ff6b8135

SHA256
cfd5d66c255d2cb15cc078b53f922fad4c1eaf62878b756120a626c2892143c5

SHA512
9066b79e4397562e88df9c310ed72b728bb6f8595d8d20b94334c4466b790cb8109da33f95aff9f48398e227c90e5bd89c8dd5550a622a11db61b63b5a0c7275

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe

Filesize
184KB

MD5
ec42a1fa4500a03e230d9e0ab60b0539

SHA1
95a3f5ed90fd2b959b3708270b0bd131043b452a

SHA256
39c33a71a73e13e2c0bc0f86c0aba06512ef9ff0ff46e02baf91a1dbf15232bf

SHA512
64a76aa5c175e7e54485e43e2aafdfa45b5d18c7dc10868af2f1b34cf42b7a1559756e05a39aeb2f243cf1cf0a6d8ee326769d92981ff75495abed1b15106dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe

Filesize
184KB

MD5
14f7a9b1681aa65b261e5bc54c86ffea

SHA1
65b84d491f60d3f1f442350c5823fca1a62ac46f

SHA256
8106e652eca287d920fe6eda3fb06a244dc9916c3688773150b62efb7087da5a

SHA512
f5579c1d1e31f4c67d2935cd3c413e0f216303230f64e2d668593cbee07ebf3bf6776ef1554d93fe4787b2c6375366741585aef5461a20614728065892753004

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe

Filesize
184KB

MD5
7ab11831dd52d7303441f253d0f0757f

SHA1
c00861a94d476e28f3a4e867beee95501f87d5d4

SHA256
a6097042e992994d88bce3affb99f66d6fdcfee114f125280e304ac60c0ecd30

SHA512
ef5932b13ec0b24e187c776c71f6affeea548f8282314f3e2e4bab4a6c197528d28939d9006df9b80fa43f129f81bee8e08fd3996c0a2d7ed2b7662cc5784521

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe

Filesize
184KB

MD5
335d3c3f5eb94c0a7e0210a38fbd8918

SHA1
3e425bc12006ebdc8c19e268a8eec3a9c88d294c

SHA256
6c209ea426eb9b28c61887bff834ce3bb344bb807b429449fd12fc38bd638f2c

SHA512
71c4fcd50a713248f21fd7e6826e88edcf39fa15c94c174886bd0423678b5b6ecd0203b67311a7b95969676144d64f565f9f0c5af506c9c5de324aa18148e68f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe

Filesize
184KB

MD5
d6a1569732dc00d752fa07dc2774b010

SHA1
d3f8bbdd2c936e83e8996379d8675469f7796217

SHA256
1d58f4bedc6785a886489ada5277c7bbaa0e19eb778364d460c60ac7fe187333

SHA512
f0720a0eff093833c746c848a318e640695b45fec0dacb21972da832b0edd37714ffec2e0a27d1a5b77c89be10b7fc8cd2eb7af690a21cd2b57423f775c06875

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe

Filesize
184KB

MD5
58c835dedc06325c701beb12ff943c59

SHA1
faf90ef3b7702761d67be9f7102d2f20d543c46f

SHA256
bf5f8ddf43dea8ed9d55059cb17dfe3f285dcb62d7495ab53490c3d4c0823c46

SHA512
ed078cb78bb0e617545729d45458f4ca62bf55f18a1f96671f34cd945fa8e64c6d1d784c2cfb1a15e4c1890a7e8cd1825429ecf83937c20062582b4ce3af9a14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57638.exe

Filesize
184KB

MD5
912b0d9ac9923f0a6cf3fc232ab47a2c

SHA1
26d2149abe526ff314e4e3af50d73876cd46ada4

SHA256
8583a5893243668c688ddd789596cb77d6353bb3035520bbdd5d51906e5ae74a

SHA512
ae9869a0d631c385b30af610994c4a1572095a9a6170ea4a3d0defd318c7c8e45608c9b8cf0f221eebd678e052c65077dbcedbb14fe3dab724aad29563cbdc79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57979.exe

Filesize
184KB

MD5
a7832749143a3dd62de1b131f7fd013b

SHA1
3879357e30ff15440f15a07a0b336e15eb0223f1

SHA256
08e4b5c308134d32fb395390726372ed3b25151ae2a7920f2ee5e71548e7e831

SHA512
90739f370ded403fc56b030acab2b02d51975bb185e5f29d04f863adc965a62572e62de6e8ec9ee2d1f1438bca7cec208fce37fcd52796cbfd5f3bee1f2b4d0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60532.exe

Filesize
184KB

MD5
ba72153ee6693f40082cecb585a9bd78

SHA1
2e086fafc8296fec4b8f16fd88a49f3aae470a9a

SHA256
b96922edde74e3b434d62737b5c6cd2f01918bad62ff0ad0a39199431275af59

SHA512
5b2a208bfc2428d6bb3776b3f1b3b9293fdbfdd14c4c51621f370439a00d3a2854b101538e9e4bed7e779f25ec46c8596261b64af8b68c0b8814a9b14b612f87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe

Filesize
184KB

MD5
4baf8e228cb5e0b35edc53259fa89677

SHA1
de7214101e4aaf8fca7509a48f69826c9fa98a9d

SHA256
dd833d921b28f661a0583338278f07f042f5833fe5bc397f1d069d0fb2bbf86a

SHA512
8c147ba9a6958b7be7b8af69e4841c9fa29842792cde6af7b2346d5337b5880d0bcd2ad7e62c080df82d69c498ba502652dbed3a3b36f6d06e46b4bb72577847

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62110.exe

Filesize
184KB

MD5
cdda414ccb0442f1c2873ba70ab99a4b

SHA1
447953b0c46524a501af5bb49e925c2232f1c854

SHA256
51147ed88cc4eac957b35ca197bfc6b9828050b532e75235eee4afa7e8129a56

SHA512
908ce1e1b7addb121aa4df79760b05a5a0187184f357822540f94166de12b794ead81b8538bf73b683fa59693f6cdd66e68d4ae7d2bcae98f5d0e0784da5ba1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63217.exe

Filesize
184KB

MD5
d8dad606b54a202d6a8a435c859c05eb

SHA1
8c7257d2a9dd06c34aa9891a88e48901dfebf055

SHA256
3cb6558fc90b3979a69395c8846a56bac55a480e027a0836cb62df9cb5f1a127

SHA512
0bbe2aa631bf6935a65c133e1753dd6e767cc49a9704692a7d2b8796117ec817f08c79a1660f95b8ea74b1d276f572b9ec5ff3445ec65db3b51295b5dc8dd6a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63620.exe

Filesize
184KB

MD5
a25e1ca3832aa35ca0c8b61bb23323a8

SHA1
6a31ed5fcba9dd68f0f38b987043af8472291c56

SHA256
acdf9e2bad506a2b61f626db178d70bc7f34695457eac47963bf84aed802b1ce

SHA512
5f229723f0fe1a69a67e68eccdb4c31ba31538c891de044ba1cb9bad446d4b0286a70b2fd66f94caf7923b5cf9f3e0a0a0e39406b9da96ded2d2dafc7db812ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe

Filesize
184KB

MD5
e3707758d2366b2888f4ba9fb03b5570

SHA1
d3e64b7a7a7a2cc73cc863ebbe1e0f381ffbee5d

SHA256
2c07d475d25e4711afe85cdfa0f5b5ef62b3e15fdc4521f54117ff6b091b879a

SHA512
063d4d62c62721211d3d0774fa592ceacab1f366dc18cf8e19d03a5341a27dcad8c802ccbb2ab5d245e535579e6d980abf16bc19996380f9441ed0866d53b3f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe

Filesize
184KB

MD5
0e7f555db5042b14b252412d2d7be339

SHA1
1d020ef835f8db015bbf53a56192cf1afb01c038

SHA256
db2d23ddd811646a65db90850518a6243c5144e39a70401685b5b0c175960e9e

SHA512
4cdbc8e6814a92dbf017cdbe213faeaea9412b53bf5e069dd37407a360fc570c6c8b6e91a70e328cefc61700ef07b65044df1b4c9f2dae90d6f0eb93a90e2b1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9203.exe

Filesize
184KB

MD5
628c76b5c740a44eaab1d93954923c4e

SHA1
1feabb68103a48f4f21b2e444ef920f52cdbb4ca

SHA256
fd1ef77e0958d1b16838a541b14a4450c8b3b265ae4d69bf48f1e4a4a237ce4b

SHA512
267d986153b6b9c9ce51533475f3dbe095879461890987bf440340036c51117b5fd29ed2f46dc5a11a9c48f1660903cc29590609d65f4da6f90b0df6e574f5a9

Download Submit
memory/2616-894-0x0000000002FD0000-0x00000000030AB000-memory.dmp

Filesize
876KB

Download
memory/2748-3508-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/7276-3466-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/17048-3518-0x00007FFEB5430000-0x00007FFEB5625000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads