8a319ed46c3f32fac1dbebb67cdce5c97973ba5c03a8531804db1a35351ce8de

Analysis

max time kernel
149s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

377095437cd3759d73041f6918e99900_NeikiAnalytics.exe
Size

184KB
MD5

377095437cd3759d73041f6918e99900
SHA1

da5896fbce99b8542987a3959623b48e9ad605e5
SHA256

8a319ed46c3f32fac1dbebb67cdce5c97973ba5c03a8531804db1a35351ce8de
SHA512

af235e80584f245812a459b9d27bcf67d6a8f07b1ba2f1f973fef9512f201c9114a11e4af4f68a63b5f772510df7d15e86f8d3ddac4640b0b0ed3fe178940b4c
SSDEEP

3072:p/nVJHoJC+4+EfjOWAn8iPoFbvnqnviu:p/bourfjg84oFbPqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4296	Unicorn-53430.exe
3160	Unicorn-3243.exe
4780	Unicorn-52999.exe
2944	Unicorn-57680.exe
2012	Unicorn-7088.exe
3192	Unicorn-31038.exe
4108	Unicorn-59718.exe
3228	Unicorn-6123.exe
2440	Unicorn-8161.exe
2656	Unicorn-14291.exe
3124	Unicorn-64047.exe
3168	Unicorn-28682.exe
3216	Unicorn-8816.exe
4548	Unicorn-59408.exe
4436	Unicorn-32501.exe
2912	Unicorn-54338.exe
332	Unicorn-14052.exe
2220	Unicorn-56284.exe
1840	Unicorn-29642.exe
4416	Unicorn-29377.exe
2972	Unicorn-2999.exe
5092	Unicorn-31679.exe
4832	Unicorn-17944.exe
2948	Unicorn-13113.exe
4496	Unicorn-8267.exe
2512	Unicorn-52008.exe
1880	Unicorn-23420.exe
4060	Unicorn-21373.exe
2416	Unicorn-7638.exe
2208	Unicorn-13448.exe
448	Unicorn-28393.exe
1900	Unicorn-56519.exe
2276	Unicorn-56427.exe
4336	Unicorn-42591.exe
4356	Unicorn-60411.exe
2332	Unicorn-46697.exe
3040	Unicorn-46697.exe
884	Unicorn-46697.exe
2648	Unicorn-18663.exe
3852	Unicorn-29598.exe
1940	Unicorn-12441.exe
3420	Unicorn-58757.exe
2308	Unicorn-30169.exe
3984	Unicorn-64979.exe
904	Unicorn-38337.exe
3032	Unicorn-3526.exe
3448	Unicorn-42156.exe
1936	Unicorn-63396.exe
4044	Unicorn-22985.exe
4384	Unicorn-42421.exe
4648	Unicorn-15678.exe
2724	Unicorn-38237.exe
4260	Unicorn-1388.exe
1504	Unicorn-32115.exe
4740	Unicorn-55228.exe
5000	Unicorn-40018.exe
4748	Unicorn-1943.exe
4480	Unicorn-1388.exe
4736	Unicorn-55228.exe
4860	Unicorn-29545.exe
2176	Unicorn-59525.exe
3648	Unicorn-24806.exe
4852	Unicorn-39105.exe
4376	Unicorn-42924.exe

Program crash 15 IoCs

pid	pid_target	Process	procid_target
9016	7056	WerFault.exe	260
8904	7016	WerFault.exe	255
2544	7008	WerFault.exe	254
7880	7032	WerFault.exe	257
9468	7040	WerFault.exe	258
6212	7048	WerFault.exe	259
7016	7024	WerFault.exe	256
15628	3604	WerFault.exe	294
20028	15536	WerFault.exe	791
20048	15560	WerFault.exe	792
20396	17176	WerFault.exe	835
20500	5096	Process not Found	1153
20752	1784	Process not Found	1204
20736	6528	Process not Found	1190
21000	11696	Process not Found

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
14860	Process not Found

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5624	Process not Found
Token: SeChangeNotifyPrivilege	5624	Process not Found
Token: 33	5624	Process not Found
Token: SeIncBasePriorityPrivilege	5624	Process not Found
Token: SeCreateGlobalPrivilege	8824	Process not Found
Token: SeChangeNotifyPrivilege	8824	Process not Found
Token: 33	8824	Process not Found
Token: SeIncBasePriorityPrivilege	8824	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4784	377095437cd3759d73041f6918e99900_NeikiAnalytics.exe
4296	Unicorn-53430.exe
3160	Unicorn-3243.exe
4780	Unicorn-52999.exe
2012	Unicorn-7088.exe
2944	Unicorn-57680.exe
3192	Unicorn-31038.exe
4108	Unicorn-59718.exe
3228	Unicorn-6123.exe
2440	Unicorn-8161.exe
3124	Unicorn-64047.exe
2656	Unicorn-14291.exe
4436	Unicorn-32501.exe
4548	Unicorn-59408.exe
3216	Unicorn-8816.exe
3168	Unicorn-28682.exe
2912	Unicorn-54338.exe
332	Unicorn-14052.exe
2220	Unicorn-56284.exe
1840	Unicorn-29642.exe
4416	Unicorn-29377.exe
2972	Unicorn-2999.exe
2948	Unicorn-13113.exe
4832	Unicorn-17944.exe
1880	Unicorn-23420.exe
4496	Unicorn-8267.exe
5092	Unicorn-31679.exe
2512	Unicorn-52008.exe
2416	Unicorn-7638.exe
4060	Unicorn-21373.exe
2208	Unicorn-13448.exe
448	Unicorn-28393.exe
2276	Unicorn-56427.exe
1900	Unicorn-56519.exe
4336	Unicorn-42591.exe
4356	Unicorn-60411.exe
884	Unicorn-46697.exe
3040	Unicorn-46697.exe
2332	Unicorn-46697.exe
2648	Unicorn-18663.exe
3852	Unicorn-29598.exe
1940	Unicorn-12441.exe
2308	Unicorn-30169.exe
3420	Unicorn-58757.exe
3984	Unicorn-64979.exe
3032	Unicorn-3526.exe
904	Unicorn-38337.exe
1936	Unicorn-63396.exe
3448	Unicorn-42156.exe
4044	Unicorn-22985.exe
4260	Unicorn-1388.exe
4384	Unicorn-42421.exe
4648	Unicorn-15678.exe
2724	Unicorn-38237.exe
1504	Unicorn-32115.exe
4740	Unicorn-55228.exe
4480	Unicorn-1388.exe
5000	Unicorn-40018.exe
4748	Unicorn-1943.exe
4736	Unicorn-55228.exe
4860	Unicorn-29545.exe
2176	Unicorn-59525.exe
3648	Unicorn-24806.exe
4852	Unicorn-39105.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4784 wrote to memory of 4296	4784	377095437cd3759d73041f6918e99900_NeikiAnalytics.exe	87
PID 4784 wrote to memory of 4296	4784	377095437cd3759d73041f6918e99900_NeikiAnalytics.exe	87
PID 4784 wrote to memory of 4296	4784	377095437cd3759d73041f6918e99900_NeikiAnalytics.exe	87
PID 4296 wrote to memory of 3160	4296	Unicorn-53430.exe	88
PID 4296 wrote to memory of 3160	4296	Unicorn-53430.exe	88
PID 4296 wrote to memory of 3160	4296	Unicorn-53430.exe	88
PID 4784 wrote to memory of 4780	4784	377095437cd3759d73041f6918e99900_NeikiAnalytics.exe	89
PID 4784 wrote to memory of 4780	4784	377095437cd3759d73041f6918e99900_NeikiAnalytics.exe	89
PID 4784 wrote to memory of 4780	4784	377095437cd3759d73041f6918e99900_NeikiAnalytics.exe	89
PID 3160 wrote to memory of 2944	3160	Unicorn-3243.exe	96
PID 3160 wrote to memory of 2944	3160	Unicorn-3243.exe	96
PID 3160 wrote to memory of 2944	3160	Unicorn-3243.exe	96
PID 4296 wrote to memory of 2012	4296	Unicorn-53430.exe	97
PID 4296 wrote to memory of 2012	4296	Unicorn-53430.exe	97
PID 4296 wrote to memory of 2012	4296	Unicorn-53430.exe	97
PID 4780 wrote to memory of 3192	4780	Unicorn-52999.exe	98
PID 4780 wrote to memory of 3192	4780	Unicorn-52999.exe	98
PID 4780 wrote to memory of 3192	4780	Unicorn-52999.exe	98
PID 4784 wrote to memory of 4108	4784	377095437cd3759d73041f6918e99900_NeikiAnalytics.exe	99
PID 4784 wrote to memory of 4108	4784	377095437cd3759d73041f6918e99900_NeikiAnalytics.exe	99
PID 4784 wrote to memory of 4108	4784	377095437cd3759d73041f6918e99900_NeikiAnalytics.exe	99
PID 2012 wrote to memory of 3228	2012	Unicorn-7088.exe	101
PID 2012 wrote to memory of 3228	2012	Unicorn-7088.exe	101
PID 2012 wrote to memory of 3228	2012	Unicorn-7088.exe	101
PID 4296 wrote to memory of 2440	4296	Unicorn-53430.exe	102
PID 4296 wrote to memory of 2440	4296	Unicorn-53430.exe	102
PID 4296 wrote to memory of 2440	4296	Unicorn-53430.exe	102
PID 2944 wrote to memory of 2656	2944	Unicorn-57680.exe	103
PID 2944 wrote to memory of 2656	2944	Unicorn-57680.exe	103
PID 2944 wrote to memory of 2656	2944	Unicorn-57680.exe	103
PID 3160 wrote to memory of 3124	3160	Unicorn-3243.exe	104
PID 3160 wrote to memory of 3124	3160	Unicorn-3243.exe	104
PID 3160 wrote to memory of 3124	3160	Unicorn-3243.exe	104
PID 4108 wrote to memory of 3168	4108	Unicorn-59718.exe	106
PID 4108 wrote to memory of 3168	4108	Unicorn-59718.exe	106
PID 4108 wrote to memory of 3168	4108	Unicorn-59718.exe	106
PID 4780 wrote to memory of 3216	4780	Unicorn-52999.exe	107
PID 4780 wrote to memory of 3216	4780	Unicorn-52999.exe	107
PID 4780 wrote to memory of 3216	4780	Unicorn-52999.exe	107
PID 3192 wrote to memory of 4548	3192	Unicorn-31038.exe	105
PID 3192 wrote to memory of 4548	3192	Unicorn-31038.exe	105
PID 3192 wrote to memory of 4548	3192	Unicorn-31038.exe	105
PID 4784 wrote to memory of 4436	4784	377095437cd3759d73041f6918e99900_NeikiAnalytics.exe	108
PID 4784 wrote to memory of 4436	4784	377095437cd3759d73041f6918e99900_NeikiAnalytics.exe	108
PID 4784 wrote to memory of 4436	4784	377095437cd3759d73041f6918e99900_NeikiAnalytics.exe	108
PID 3228 wrote to memory of 2912	3228	Unicorn-6123.exe	111
PID 3228 wrote to memory of 2912	3228	Unicorn-6123.exe	111
PID 3228 wrote to memory of 2912	3228	Unicorn-6123.exe	111
PID 2012 wrote to memory of 332	2012	Unicorn-7088.exe	112
PID 2012 wrote to memory of 332	2012	Unicorn-7088.exe	112
PID 2012 wrote to memory of 332	2012	Unicorn-7088.exe	112
PID 2440 wrote to memory of 2220	2440	Unicorn-8161.exe	113
PID 2440 wrote to memory of 2220	2440	Unicorn-8161.exe	113
PID 2440 wrote to memory of 2220	2440	Unicorn-8161.exe	113
PID 3124 wrote to memory of 1840	3124	Unicorn-64047.exe	114
PID 3124 wrote to memory of 1840	3124	Unicorn-64047.exe	114
PID 3124 wrote to memory of 1840	3124	Unicorn-64047.exe	114
PID 4296 wrote to memory of 4416	4296	Unicorn-53430.exe	115
PID 4296 wrote to memory of 4416	4296	Unicorn-53430.exe	115
PID 4296 wrote to memory of 4416	4296	Unicorn-53430.exe	115
PID 2656 wrote to memory of 2972	2656	Unicorn-14291.exe	116
PID 2656 wrote to memory of 2972	2656	Unicorn-14291.exe	116
PID 2656 wrote to memory of 2972	2656	Unicorn-14291.exe	116
PID 3160 wrote to memory of 5092	3160	Unicorn-3243.exe	117

C:\Users\Admin\AppData\Local\Temp\Unicorn-49869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49869.exe
1⤵
PID:18592

C:\Users\Admin\AppData\Local\Temp\377095437cd3759d73041f6918e99900_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\377095437cd3759d73041f6918e99900_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4784
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53430.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53430.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57680.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14291.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2999.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46095.exe
        8⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        9⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 464
        10⤵
        Program crash
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
        9⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        9⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        9⤵
        
        PID:18408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        9⤵
        
        PID:19256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59068.exe
        8⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        9⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        9⤵
        
        PID:14460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        9⤵
        
        PID:18768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60245.exe
        8⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        8⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48281.exe
        8⤵
        
        PID:18064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20557.exe
        8⤵
        
        PID:19788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1533.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
        8⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 492
        9⤵
        Program crash
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
        8⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26718.exe
        8⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
        8⤵
        
        PID:18552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
        8⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60962.exe
        7⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
        7⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47017.exe
        7⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28391.exe
        7⤵
        
        PID:18684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1943.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        7⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        8⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
        9⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        9⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        9⤵
        
        PID:18512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
        9⤵
        
        PID:15672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        8⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        8⤵
        
        PID:15664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57749.exe
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        8⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        8⤵
        
        PID:19396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
        7⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        7⤵
        
        PID:16620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        7⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        8⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        8⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        8⤵
        
        PID:18520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        7⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
        7⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        7⤵
        
        PID:18616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
        7⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        6⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        7⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64948.exe
        7⤵
        
        PID:18900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5888.exe
        6⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3245.exe
        6⤵
        
        PID:16044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
        6⤵
        
        PID:19816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38337.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        7⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19619.exe
        8⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        9⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        10⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        10⤵
        
        PID:19312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
        10⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        9⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        9⤵
        
        PID:17940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        9⤵
        
        PID:20440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56439.exe
        9⤵
        
        PID:20356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        8⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe
        8⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        8⤵
        
        PID:18344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60900.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27547.exe
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        8⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        8⤵
        
        PID:15928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48341.exe
        8⤵
        
        PID:19712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
        7⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        7⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        7⤵
        
        PID:19528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22145.exe
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11258.exe
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        8⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        8⤵
        
        PID:12752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50313.exe
        8⤵
        
        PID:17808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29213.exe
        7⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        7⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
        7⤵
        
        PID:18364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        7⤵
        
        PID:19588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37007.exe
        6⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        7⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        7⤵
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1533.exe
        6⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12598.exe
        6⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
        6⤵
        
        PID:18752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15678.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59473.exe
        7⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35265.exe
        8⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1663.exe
        8⤵
        
        PID:13684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        8⤵
        
        PID:18700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        7⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
        7⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        7⤵
        
        PID:18740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
        7⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36291.exe
        6⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16472.exe
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41876.exe
        6⤵
        
        PID:15076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47295.exe
        6⤵
        
        PID:19452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17433.exe
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16495.exe
        6⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23911.exe
        7⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        7⤵
        
        PID:15668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        6⤵
        
        PID:11244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        6⤵
        
        PID:16228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35322.exe
        5⤵
        
        PID:708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1797.exe
        5⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12526.exe
        5⤵
        
        PID:15736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
        5⤵
        
        PID:19928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29642.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
        8⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        9⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        9⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        9⤵
        
        PID:17144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11026.exe
        9⤵
        
        PID:19880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55088.exe
        8⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
        8⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37704.exe
        8⤵
        
        PID:17464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45664.exe
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        8⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
        8⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
        8⤵
        
        PID:18424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
        8⤵
        
        PID:18640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33681.exe
        8⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24474.exe
        7⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        7⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
        7⤵
        
        PID:17068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11455.exe
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2130.exe
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        8⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
        9⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43017.exe
        9⤵
        
        PID:17372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
        9⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16297.exe
        8⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
        8⤵
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37023.exe
        7⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        7⤵
        
        PID:17036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52857.exe
        8⤵
        
        PID:13884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53682.exe
        8⤵
        
        PID:17580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26018.exe
        8⤵
        
        PID:16460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
        7⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        7⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
        7⤵
        
        PID:20464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        6⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        7⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
        7⤵
        
        PID:18580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29754.exe
        6⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        6⤵
        
        PID:17112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        6⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27045.exe
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26635.exe
        7⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        8⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60615.exe
        9⤵
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
        9⤵
        
        PID:18540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        9⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
        9⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36115.exe
        8⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
        8⤵
        
        PID:17256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51492.exe
        8⤵
        
        PID:19168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
        7⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27676.exe
        7⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
        7⤵
        
        PID:17568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32432.exe
        7⤵
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19021.exe
        6⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64621.exe
        7⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1663.exe
        7⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        7⤵
        
        PID:18504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
        7⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20390.exe
        6⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47932.exe
        6⤵
        
        PID:12784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
        6⤵
        
        PID:17156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
        6⤵
        
        PID:19992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44049.exe
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        6⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 488
        7⤵
        Program crash
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        6⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        6⤵
        
        PID:12916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
        6⤵
        
        PID:17748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        6⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56343.exe
        6⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28472.exe
        5⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2887.exe
        5⤵
        
        PID:13792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
        5⤵
        
        PID:17528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        5⤵
        
        PID:1016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31679.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1170.exe
        6⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        7⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        7⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30302.exe
        7⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        6⤵
        
        PID:9376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exe
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
        6⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        6⤵
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5617.exe
        5⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53998.exe
        6⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        6⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
        6⤵
        
        PID:16316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27443.exe
        6⤵
        
        PID:19928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        6⤵
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        6⤵
        
        PID:10356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1663.exe
        6⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        6⤵
        
        PID:18732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
        5⤵
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        5⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
        5⤵
        
        PID:18328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        7⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        7⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        6⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        6⤵
        
        PID:16364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
        6⤵
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        6⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        6⤵
        
        PID:19420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
        5⤵
        
        PID:12200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        5⤵
        
        PID:15800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23350.exe
      4⤵
      PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        5⤵
        
        PID:7048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 460
        6⤵
        Program crash
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35819.exe
        5⤵
        
        PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62461.exe
        5⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40802.exe
        5⤵
        
        PID:18528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
        5⤵
        
        PID:19996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34609.exe
      4⤵
      PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61113.exe
        5⤵
        
        PID:11132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33157.exe
        5⤵
        
        PID:14456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        5⤵
        
        PID:18924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
      4⤵
      PID:9256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
      4⤵
      PID:13752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
      4⤵
      PID:17744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13448.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58539.exe
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16495.exe
        8⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        9⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        9⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29700.exe
        9⤵
        
        PID:17972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64607.exe
        9⤵
        
        PID:16928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        8⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        8⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        8⤵
        
        PID:17636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
        8⤵
        
        PID:19288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51030.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39811.exe
        8⤵
        
        PID:14436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        8⤵
        
        PID:18724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
        7⤵
        
        PID:15968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
        7⤵
        
        PID:19932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
        7⤵
        
        PID:19748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1262.exe
        6⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59473.exe
        7⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        8⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
        8⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61221.exe
        8⤵
        
        PID:17296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
        7⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        7⤵
        
        PID:16032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2939.exe
        7⤵
        
        PID:19804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        6⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        7⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        7⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        7⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51991.exe
        6⤵
        
        PID:10912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16675.exe
        6⤵
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
        6⤵
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28393.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55031.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        8⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
        9⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
        9⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        9⤵
        
        PID:18236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52156.exe
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
        8⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32144.exe
        8⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        8⤵
        
        PID:17724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        8⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
        8⤵
        
        PID:18564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31814.exe
        7⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4368.exe
        7⤵
        
        PID:16900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22717.exe
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        7⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        7⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
        7⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        6⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        6⤵
        
        PID:11200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13366.exe
        6⤵
        
        PID:14544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
        6⤵
        
        PID:15632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24068.exe
        6⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1938.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
        7⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 632
        8⤵
        Program crash
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        7⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
        7⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        7⤵
        
        PID:18632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39267.exe
        6⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        6⤵
        
        PID:17504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57316.exe
        6⤵
        
        PID:19896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44652.exe
        5⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        6⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
        6⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        6⤵
        
        PID:16768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
        5⤵
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60615.exe
        6⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
        6⤵
        
        PID:18664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41098.exe
        6⤵
        
        PID:20220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
        5⤵
        
        PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe
        5⤵
        
        PID:16756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
        6⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        7⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34331.exe
        8⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
        8⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2352.exe
        8⤵
        
        PID:15844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2981.exe
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        8⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        8⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23375.exe
        8⤵
        
        PID:16996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
        7⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44336.exe
        7⤵
        
        PID:17176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17176 -s 464
        8⤵
        Program crash
        
        PID:20396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        8⤵
        
        PID:17456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        8⤵
        
        PID:19596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        7⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        7⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        7⤵
        
        PID:19076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59119.exe
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39267.exe
        6⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        6⤵
        
        PID:17560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32963.exe
        6⤵
        
        PID:20236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60080.exe
        5⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        6⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        7⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
        8⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        8⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        8⤵
        
        PID:18760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        7⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        7⤵
        
        PID:15480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48315.exe
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45358.exe
        6⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16542.exe
        6⤵
        
        PID:15672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
        6⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        6⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        6⤵
        
        PID:15296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        6⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exe
        5⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
        6⤵
        
        PID:12372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59546.exe
        6⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
        6⤵
        
        PID:20416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
        5⤵
        
        PID:12828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        5⤵
        
        PID:16700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        6⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57029.exe
        8⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        8⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        8⤵
        
        PID:18936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        7⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        7⤵
        
        PID:14500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
        7⤵
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10668.exe
        7⤵
        
        PID:19988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2597.exe
        6⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        6⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        6⤵
        
        PID:16632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
        6⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9774.exe
        7⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52618.exe
        7⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        7⤵
        
        PID:18916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        6⤵
        
        PID:15924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        5⤵
        
        PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        5⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        5⤵
        
        PID:15820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
      4⤵
      Executes dropped EXE
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
        5⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
        6⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2867.exe
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61221.exe
        6⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39903.exe
        6⤵
        
        PID:20340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28061.exe
        5⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        6⤵
        
        PID:17480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10380.exe
        5⤵
        
        PID:13304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58918.exe
        5⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13574.exe
        5⤵
        
        PID:20092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20557.exe
        5⤵
        
        PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36370.exe
      4⤵
      PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        5⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11720.exe
        6⤵
        
        PID:11120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33157.exe
        6⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2840.exe
        6⤵
        
        PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36011.exe
        5⤵
        
        PID:15064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        5⤵
        
        PID:18564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
      4⤵
      PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        5⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        5⤵
        
        PID:19336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30731.exe
      4⤵
      PID:10852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64317.exe
      4⤵
      PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
      4⤵
      PID:10220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56284.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29030.exe
        7⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60656.exe
        7⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33210.exe
        7⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43011.exe
        7⤵
        
        PID:19380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
        7⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe
        8⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        8⤵
        
        PID:19232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
        7⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        7⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57173.exe
        6⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55561.exe
        7⤵
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13339.exe
        6⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        6⤵
        
        PID:16660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31875.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53277.exe
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
        7⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
        8⤵
        
        PID:13576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
        8⤵
        
        PID:18352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7735.exe
        8⤵
        
        PID:16504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
        7⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        7⤵
        
        PID:16640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2405.exe
        6⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        7⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        7⤵
        
        PID:15936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
        7⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
        6⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        6⤵
        
        PID:16728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18366.exe
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65057.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
        6⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        6⤵
        
        PID:15560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15560 -s 436
        7⤵
        Program crash
        
        PID:20048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
        6⤵
        
        PID:20424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22582.exe
        5⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48083.exe
        6⤵
        
        PID:18224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        6⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
        5⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
        5⤵
        
        PID:18148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40404.exe
        5⤵
        
        PID:19556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8331.exe
        5⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42499.exe
        6⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        7⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27448.exe
        7⤵
        
        PID:19736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
        6⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        6⤵
        
        PID:15536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15536 -s 424
        7⤵
        Program crash
        
        PID:20028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
        6⤵
        
        PID:19356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
        5⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58264.exe
        5⤵
        
        PID:12044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
        5⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7.exe
        5⤵
        
        PID:18640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17406.exe
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
        5⤵
        
        PID:7016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 452
        6⤵
        Program crash
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        5⤵
        
        PID:16052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        5⤵
        
        PID:12064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
        5⤵
        
        PID:16676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
      4⤵
      PID:9112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32077.exe
      4⤵
      PID:13268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50783.exe
      4⤵
      PID:17348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29377.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
        5⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41025.exe
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        7⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        7⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44336.exe
        7⤵
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        7⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
        6⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
        7⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52618.exe
        7⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
        7⤵
        
        PID:17376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8880.exe
        6⤵
        
        PID:11552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7833.exe
        6⤵
        
        PID:15960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        6⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        6⤵
        
        PID:13320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe
        6⤵
        
        PID:18136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55009.exe
        5⤵
        
        PID:9672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        5⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        5⤵
        
        PID:17932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
      4⤵
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7921.exe
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1663.exe
        6⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52644.exe
        6⤵
        
        PID:19944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
        6⤵
        
        PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
        5⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
        5⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27860.exe
        5⤵
        
        PID:18644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe
      4⤵
      PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
        5⤵
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        5⤵
        
        PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16166.exe
        5⤵
        
        PID:15136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        5⤵
        
        PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32888.exe
      4⤵
      PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
        5⤵
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        5⤵
        
        PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31316.exe
      4⤵
      PID:10116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22643.exe
      4⤵
      PID:16668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
      4⤵
      PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40169.exe
        6⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        7⤵
        
        PID:14484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        7⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
        6⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
        6⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        6⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
        5⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        5⤵
        
        PID:16692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
      4⤵
      PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
        5⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        5⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        5⤵
        
        PID:18908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-573.exe
      4⤵
      PID:8812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
      4⤵
      PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
      4⤵
      PID:18304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26886.exe
      4⤵
      PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
    3⤵
    PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
      4⤵
      PID:7032
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 460
        5⤵
        Program crash
        
        PID:7880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
      4⤵
      PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
      4⤵
      PID:13400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
      4⤵
      PID:18372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
      4⤵
      PID:19628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
    3⤵
    PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
      4⤵
      PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
      4⤵
      PID:15892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36444.exe
    3⤵
    PID:9480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44617.exe
    3⤵
    PID:14260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9425.exe
    3⤵
    PID:17956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
    3⤵
    PID:4332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
    3⤵
    PID:19948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52008.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42421.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        7⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
        8⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
        9⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
        9⤵
        
        PID:19248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        8⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        8⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40802.exe
        8⤵
        
        PID:18448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62934.exe
        7⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
        7⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        7⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        7⤵
        
        PID:19624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
        6⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        7⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60594.exe
        7⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57495.exe
        7⤵
        
        PID:17472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
        6⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        6⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
        6⤵
        
        PID:18336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4758.exe
        6⤵
        
        PID:19844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
        6⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50563.exe
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24663.exe
        7⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        7⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
        7⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        7⤵
        
        PID:18716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36291.exe
        6⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48275.exe
        7⤵
        
        PID:17916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54791.exe
        6⤵
        
        PID:10964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
        6⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7.exe
        6⤵
        
        PID:19352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36265.exe
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52436.exe
        6⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26303.exe
        7⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        7⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe
        7⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47583.exe
        6⤵
        
        PID:11228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22031.exe
        6⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        6⤵
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53754.exe
        5⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        6⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        6⤵
        
        PID:15952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5504.exe
        5⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16675.exe
        5⤵
        
        PID:15024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
        5⤵
        
        PID:19436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        8⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        8⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        8⤵
        
        PID:17984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
        7⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
        7⤵
        
        PID:17520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59836.exe
        7⤵
        
        PID:19544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
        6⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22271.exe
        7⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        7⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        7⤵
        
        PID:16424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
        6⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
        6⤵
        
        PID:17228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        6⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11839.exe
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
        7⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        7⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        7⤵
        
        PID:18496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32144.exe
        6⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        6⤵
        
        PID:17732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53945.exe
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        6⤵
        
        PID:9856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39213.exe
        6⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
        6⤵
        
        PID:17800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        6⤵
        
        PID:19812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
        5⤵
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        5⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
        5⤵
        
        PID:18296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
        5⤵
        
        PID:19944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
        6⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        6⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41979.exe
        6⤵
        
        PID:16720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5040.exe
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exe
        5⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38577.exe
        5⤵
        
        PID:16764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56328.exe
      4⤵
      PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
        5⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        5⤵
        
        PID:15988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        5⤵
        
        PID:19648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35322.exe
      4⤵
      PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
      4⤵
      PID:12980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
      4⤵
      PID:16836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42591.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13038.exe
        5⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
        7⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29370.exe
        7⤵
        
        PID:16404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8182.exe
        7⤵
        
        PID:19376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        6⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        7⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        7⤵
        
        PID:19404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        6⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29370.exe
        6⤵
        
        PID:16416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
        6⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        6⤵
        
        PID:12740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
        6⤵
        
        PID:17124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        6⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        5⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47932.exe
        5⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
        5⤵
        
        PID:17588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53971.exe
      4⤵
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        5⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        6⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
        6⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
        5⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
        5⤵
        
        PID:13648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43813.exe
        5⤵
        
        PID:18400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46982.exe
      4⤵
      PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
        5⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
        6⤵
        
        PID:11596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        6⤵
        
        PID:15884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
        6⤵
        
        PID:19724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exe
        6⤵
        
        PID:20388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        5⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        5⤵
        
        PID:16124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        5⤵
        
        PID:19632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27421.exe
        5⤵
        
        PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29100.exe
      4⤵
      PID:7728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
      4⤵
      PID:10604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
      4⤵
      PID:16208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
      4⤵
      PID:19836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32115.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        5⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        6⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        7⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        7⤵
        
        PID:15944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6437.exe
        6⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
        6⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24274.exe
        6⤵
        
        PID:18928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57749.exe
        5⤵
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
        5⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        5⤵
        
        PID:17552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
      4⤵
      PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
        5⤵
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        6⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        6⤵
        
        PID:18676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34246.exe
        6⤵
        
        PID:19496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        5⤵
        
        PID:12572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38471.exe
        5⤵
        
        PID:17208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
      4⤵
      PID:9776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
      4⤵
      PID:13156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
      4⤵
      PID:17696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55329.exe
      4⤵
      PID:244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40018.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7584.exe
      4⤵
      PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        5⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        6⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        6⤵
        
        PID:17828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
        6⤵
        
        PID:20328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        5⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        5⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40802.exe
        5⤵
        
        PID:18468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
      4⤵
      PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
        5⤵
        
        PID:15092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
        5⤵
        
        PID:18592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
      4⤵
      PID:11184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
      4⤵
      PID:14388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8208.exe
      4⤵
      PID:19316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12852.exe
    3⤵
    PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
      4⤵
      PID:7740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20364.exe
      4⤵
      PID:11100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
      4⤵
      PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
      4⤵
      PID:4620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37261.exe
    3⤵
    PID:7568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36739.exe
      4⤵
      PID:12452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12291.exe
      4⤵
      PID:17312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
      4⤵
      PID:18180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
      4⤵
      PID:2368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
    3⤵
    PID:7008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
    3⤵
    PID:15860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
    3⤵
    PID:19652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
        7⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64621.exe
        8⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        8⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        8⤵
        
        PID:18708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        7⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
        7⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        7⤵
        
        PID:18608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
        7⤵
        
        PID:19956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34693.exe
        6⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
        6⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
        6⤵
        
        PID:19636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24663.exe
        6⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5882.exe
        7⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
        7⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        7⤵
        
        PID:18568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        6⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        6⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        5⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        6⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        6⤵
        
        PID:19304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
        5⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33210.exe
        5⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
        5⤵
        
        PID:18484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        6⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        6⤵
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3084.exe
        6⤵
        
        PID:16704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12057.exe
        5⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        5⤵
        
        PID:18308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5890.exe
        5⤵
        
        PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50463.exe
      4⤵
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        5⤵
        
        PID:7244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
        6⤵
        
        PID:14532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        6⤵
        
        PID:19288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
        6⤵
        
        PID:17212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        5⤵
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15398.exe
        5⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        5⤵
        
        PID:18600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
        5⤵
        
        PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
      4⤵
      PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        5⤵
        
        PID:15348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54301.exe
        5⤵
        
        PID:11948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5888.exe
      4⤵
      PID:11168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
      4⤵
      PID:15316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-570.exe
      4⤵
      PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61078.exe
      4⤵
      PID:18056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60411.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17123.exe
      4⤵
      PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42587.exe
        5⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28747.exe
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42437.exe
        7⤵
        
        PID:18320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        7⤵
        
        PID:20464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        6⤵
        
        PID:11220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        6⤵
        
        PID:16304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5084.exe
        6⤵
        
        PID:19936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50682.exe
        5⤵
        
        PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        5⤵
        
        PID:11020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
        5⤵
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7.exe
        5⤵
        
        PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        6⤵
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        6⤵
        
        PID:19412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        5⤵
        
        PID:12540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
        5⤵
        
        PID:17336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
      4⤵
      PID:9304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
      4⤵
      PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
      4⤵
      PID:17120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
    3⤵
    PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
      4⤵
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        6⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15285.exe
        6⤵
        
        PID:13780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        6⤵
        
        PID:18476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
        5⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
        5⤵
        
        PID:13536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        5⤵
        
        PID:18652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
      4⤵
      PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
      4⤵
      PID:11068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
      4⤵
      PID:14396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
      4⤵
      PID:19188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7590.exe
    3⤵
    PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7112.exe
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19265.exe
      4⤵
      PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
      4⤵
      PID:16176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
    3⤵
    PID:8424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
      4⤵
      PID:10460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10345.exe
      4⤵
      PID:17072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
    3⤵
    PID:12584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
    3⤵
    PID:17200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54045.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45981.exe
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
        7⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
        7⤵
        
        PID:17048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8120.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43987.exe
        7⤵
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
        6⤵
        
        PID:10352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        6⤵
        
        PID:16068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35971.exe
        6⤵
        
        PID:12032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25757.exe
        6⤵
        
        PID:15616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19342.exe
        6⤵
        
        PID:19340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61205.exe
        5⤵
        
        PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15041.exe
        5⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
        5⤵
        
        PID:18488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
        5⤵
        
        PID:16428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe
      4⤵
      PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24663.exe
        5⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        6⤵
        
        PID:11480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36411.exe
        6⤵
        
        PID:16884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23574.exe
        6⤵
        
        PID:16816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        5⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        5⤵
        
        PID:16244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        5⤵
        
        PID:19920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
      4⤵
      PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53770.exe
        5⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56509.exe
        5⤵
        
        PID:19664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32644.exe
      4⤵
      PID:10872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33210.exe
      4⤵
      PID:15032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43011.exe
      4⤵
      PID:19388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56593.exe
      4⤵
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24663.exe
        5⤵
        
        PID:208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52369.exe
        6⤵
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        6⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34936.exe
        6⤵
        
        PID:18460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        5⤵
        
        PID:10448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        5⤵
        
        PID:16236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
        5⤵
        
        PID:20288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32207.exe
      4⤵
      PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        5⤵
        
        PID:14988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        5⤵
        
        PID:19368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
      4⤵
      PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
      4⤵
      PID:16160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
    3⤵
    PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
      4⤵
      PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        5⤵
        
        PID:13808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39911.exe
        5⤵
        
        PID:20396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
      4⤵
      PID:10504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9176.exe
      4⤵
      PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
      4⤵
      PID:18624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
    3⤵
    PID:7552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
    3⤵
    PID:11888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
    3⤵
    PID:16040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3526.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50179.exe
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        5⤵
        
        PID:7040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 460
        6⤵
        Program crash
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51118.exe
        5⤵
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        5⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        5⤵
        
        PID:19704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
      4⤵
      PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        5⤵
        
        PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        5⤵
        
        PID:12552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9525.exe
        5⤵
        
        PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
      4⤵
      PID:8444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38420.exe
      4⤵
      PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35670.exe
      4⤵
      PID:17100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
    3⤵
    PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43355.exe
      4⤵
      PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        5⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        6⤵
        
        PID:15540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        6⤵
        
        PID:19256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        6⤵
        
        PID:19088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
        6⤵
        
        PID:20368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54301.exe
        6⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4491.exe
        5⤵
        
        PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17536.exe
        5⤵
        
        PID:14428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        5⤵
        
        PID:19096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
      4⤵
      PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23667.exe
        5⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
        5⤵
        
        PID:19152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
      4⤵
      PID:11708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
      4⤵
      PID:16736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
    3⤵
    PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
      4⤵
      PID:9788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10241.exe
      4⤵
      PID:12436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
      4⤵
      PID:17840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64607.exe
      4⤵
      PID:16984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30916.exe
    3⤵
    PID:9576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
    3⤵
    PID:14060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
    3⤵
    PID:18288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41819.exe
    3⤵
    PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37901.exe
      4⤵
      PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
        5⤵
        
        PID:16924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63832.exe
      4⤵
      PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        5⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        5⤵
        
        PID:19360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
      4⤵
      PID:13200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
      4⤵
      PID:17492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20557.exe
    3⤵
    PID:2580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
    3⤵
    PID:10212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26718.exe
    3⤵
    PID:14192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
    3⤵
    PID:18544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
  2⤵
  PID:5800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
    3⤵
    PID:7000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29021.exe
    3⤵
    PID:9584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
    3⤵
    PID:13164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
    3⤵
    PID:17512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22734.exe
    3⤵
    PID:7656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
  2⤵
  PID:5736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
    3⤵
    PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19853.exe
      4⤵
      PID:19348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8487.exe
    3⤵
    PID:13768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
    3⤵
    PID:17720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
    3⤵
    PID:16400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31109.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31109.exe
  2⤵
  PID:9528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
  2⤵
  PID:14272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
  2⤵
  PID:18384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1693.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1693.exe
  2⤵
  PID:19764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
  2⤵
  PID:20240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 7056 -ip 7056
1⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 7016 -ip 7016
1⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 7008 -ip 7008
1⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 7032 -ip 7032
1⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 7000 -ip 7000
1⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7040 -ip 7040
1⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 7048 -ip 7048
1⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7024 -ip 7024
1⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3604 -ip 3604
1⤵
PID:15556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 17004 -ip 17004
1⤵
PID:19868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe

Filesize
184KB

MD5
0651e66eb6a46c95bdb19cdff1bff863

SHA1
ab8b42dd2f4005a26376d48081c296726b30361d

SHA256
8437d7e909d20e0324aec4e0570a31b452d479d2acc90d81ddd10dd3e1dd47b4

SHA512
6992daa338946e79cbd3028f213851aebfdf28a493379a5b368bc89ff014a643a27820491e1d97f94a20f9841b6a812da33eb1ed6c394c805ecf5c4e415612a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13448.exe

Filesize
184KB

MD5
641a05428c8580f7b2924f7cacf4a36f

SHA1
ad396d28d2afc1a84f33f11b47ae0cfb19d12459

SHA256
f2015d3c8a169fc29799848d0f188517ed316ffb5446b8e1c00877397575bf5f

SHA512
6fa9ce027ffd9080069c9fd475addddb93c7d8d4736685ce8b58c7fbed62d68c27982d76795360b0c147d2272ee670e92bb90820009189326c5612adab0e47b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe

Filesize
184KB

MD5
5f61ac8b7f490e22772f78f1bffb464b

SHA1
d21c380df4dedfadb78d39ffa0f067bd369133c3

SHA256
ad5160d4783ccd863366002bfd9f48f05c871f978d80c59e5e3db084cd9a89c4

SHA512
86d2d4082c5a34c6bb598993105d6b890bec615721d316a34698f03e9a4644015a6c4f8b0552261431f857573c704d3580fe82e98fc6765456469549b00c440e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14291.exe

Filesize
184KB

MD5
431a7cbfe5f33f406006b0df9a10fbbc

SHA1
a6f868d2b560c61db71ebc1bb8365e457fe2db77

SHA256
3412e7355a685b09553c5e3a8634cd33c6990289c37676da9004d7fc249ac0ad

SHA512
130843b882b8f33e2b9f69412502cf209287523476e49cf48bdd3f034b864c2ec6000bce4fea3d99ec667e7c18dcf78d0ef1092c40280cb01f87d6c38b183be1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17944.exe

Filesize
184KB

MD5
2c7313084ac730d17572794f30c3e8fc

SHA1
49b1d5cfa367e50291b7cb55d72a42ab563f49cc

SHA256
87153a86830787f43867093bc36c688e7f1d717238638b9db329d43f1bf6190f

SHA512
4a4b159a1289ffe726df745a35b6f1f766a6ff9be0063d9c5f522e1d16e70a4897f19588679a3bce2f61c3b63e1602e225b28a0398943f588fec66c770a7d284

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21373.exe

Filesize
184KB

MD5
04ab80830fcccae19f5a059428e10342

SHA1
08af8a4bc149f476b94180eb9ee0416d9e2cdddb

SHA256
867ab6e5b7a916be583c8d344b0332d029dbebb35414ca7fbcef574d5bc3639d

SHA512
5cdefb4efc5ab29fdd737c609f518e7e37f6916da0ca70d86915e47dc7bd6a014f6b5dad50950f24aff3efbbc3f56c6f1d56b08037efb190be46edca22a8014c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe

Filesize
184KB

MD5
d60d99fd3da6c78b34486c9d6b075268

SHA1
f6d6af64ab6e704629cb71e86fb7521db2a96e76

SHA256
fbdb401817d7154f65118b6ab740e0f6b8c74a0ab20c1d5953ed4712f7331da1

SHA512
f02cc657fddccc6dace48edb0b576277688164c2016ca2fb6680fd2caa76ffb8a69201d026a36cc25bae9c17535cb15c02c4897aa63bef45fcc76bb2eccac624

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe

Filesize
184KB

MD5
132d662ac4bcee52dcbdf10860700765

SHA1
d2910a2ef8e6fc50896a2f427c1bc7a7b42eaef1

SHA256
a692ca7d8da4ee58cfe287d8fa5c0476ccfe34b9d315fa878f14c7a6bc1a62df

SHA512
2c2469d2ee40ec7c68388697d9888ec03bbe132fd18680e1bbfa42687b3205d351fa3e89e40a35e8e40056c426fa6de184ef5db3a3233a0aaea0237587ad83d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28393.exe

Filesize
184KB

MD5
b82fa722e87d2c9e6f835cf785eada2f

SHA1
13e9c501a5bc83789a84ac248b88a155a81799ab

SHA256
aa4ba788e15c0b165007ad100d83610693d1bef3a9aad837e8c939441c06b92a

SHA512
96ea67d0774e6b4ebcb2713776d0898d2f8dc9b67b021fb1c1b3f206808e870066e9319dabfd90b7ba10693af9c33b9be3ff7e17c55fa5706ca6efe1b18090b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe

Filesize
184KB

MD5
d868e8436e379ddc7c688bd7cfdd1716

SHA1
962b202a8fff05154b50457f99d9adab221f56c7

SHA256
aba75952c2e0b3d417e8d57f7d780a2901a5554f224fba8039c6d1409ee12584

SHA512
cd3ee0563df23f42e62aa925331f8be266d38a7568cbc4ed36bd72c6e98637810301e6697b03a079688d6b5f4f42560ef8418ba52be0ebd58c947ad1a2fc0db9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29377.exe

Filesize
184KB

MD5
d6d1fe0bd11a5b3fd69ae01c68a759e0

SHA1
346b77501a58f6a4eb1eedb3e4d84c468cc018ae

SHA256
b22fe6ac94d4e11522672e9dcc6f6d79763e9a4a57924bb38e3e30edf30a9892

SHA512
31c9f2f785cd359c317073bb62277084f7d79ee21ac55838b23225ad4b3e80667ccb99a6c0e7814ea6015ccfbc88e24c7f50dce486accf862a1c6015ceae2bd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29642.exe

Filesize
184KB

MD5
ea1f274c33c6bd03a68876df54f31f68

SHA1
cbd1ebe71027cd90c1296ee37e53cae746513d8b

SHA256
15a855bf7a584579c17dd473c9c907e95fd20e936b9e269662a1f71218eaefb3

SHA512
6d5ecc29e6860a3ae10333655dbb67299022af523f427a8da509c5862f85d8f94b90a83e3c096c766498bc492773a779d7c5e9f89f7cec7ee5a710b5239d8c15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2999.exe

Filesize
184KB

MD5
e37afd2b161b83a2d6f8091d33b7dcc0

SHA1
e26ef4869bda06822a50d006fdcdc8aaad5134d4

SHA256
f7dc34d196aeda705762e74256f588ef3c123dffbf3b882dd0fecac9f46f333a

SHA512
3cfbfe3c95372f205fbd695b394014fb38f370f8c7ed4680aaee0cab30d762cedcca3419c934b794fb0388403888a7b8034f3d214049106075b8bf25f144ea49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe

Filesize
184KB

MD5
9772ea797a0c799c825365bb2711a175

SHA1
2e5b9873e4b61c4d4c4065372e50aabcfb914db8

SHA256
e8a9442b1648c457daa38ad49f0c1f65f8c40e694150f9dc74f2f0ec84fe21fe

SHA512
1d268308ecdcd9b875f3fc410c7c4f7a20a7fbb8b1abc63c3e28b345086d5a78d43778025d5b194feb339ae273e1396e13ae8ab7e17e9a2d9debfa9e06929d5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe

Filesize
184KB

MD5
d306b59cb218ad75d008885bd894d4c8

SHA1
fa72a9a84565530f764aa1ee4ffb73b627c8aca5

SHA256
69d80d271f3e022ce8330699afa80a8ee2b4468bfa53102cf18bbd6eed22dcdc

SHA512
5959285e8f740192669bd37b51637ccd3545391cfd14917b63c25f5023ae18ea4a05e040df37e8854a7bf746b239791190cee022d61d69bb11b77b948916a431

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31679.exe

Filesize
184KB

MD5
9a59921376c149ccf0b650735d74a1cb

SHA1
8c55971b4e78880273057f93d29ca6b95ffe7a7c

SHA256
44a0153668a78e7d6c429105b1b7f41dffd8dbc34eaac4c5bc23e230395fca58

SHA512
a0c1fd1af15dee02d558a9a5b05c34d5946778fa3757833432c2de9e683f25d7dab8c1da5f0fd373a3cfc0de655e84a0a03ec39765d73069945f65c5429cb01b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe

Filesize
184KB

MD5
095eef8d54438fd6b68cfd52a8c0fa07

SHA1
e1d37f04cd267b34fa6e81dd0306e5c5fea96f42

SHA256
9ac680018ba02ef67e1998d36f1765bea7a638cd570640b26a1520aa461d3be9

SHA512
d6e436a2836a3364992de8b88adcb526d7c3320394c6e8afe7c32f0ef452f59c8798f743568004c382ab7b37dcae379bca9e31974b162c0e19299b5e87708c16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe

Filesize
184KB

MD5
b7bbee7da92ac1564a6eb6c4c8aa19a2

SHA1
69152402fbe9d81b7bf2fe020e9181fb396a6219

SHA256
92cc5d7a0971dab2ebfef402bc7c135fdc1b0b3459d5cf76bf94b39314429229

SHA512
c3896c6e8d247c972d8e2b8c040c17b19443f82134efe0081d3aef7db03c55ffe9f253f18caf5080599801fed34520eed47032511e54417c99582f619d6de7e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe

Filesize
184KB

MD5
6c7d2d14b2eb61a5808bfcd5cf65f73c

SHA1
ba0683774f14482498188611c37214744998816a

SHA256
e74dde4dad6cc6999e6818f69dd6b7404c84a0fa882c1929ad1751814948eea1

SHA512
2c88ec0e2a5fc87779ff051cf599d1919d0a576b4298132254b04d7cfd4c822fad2d001a227582242e064cbd239bb132bfb79e094433e715d4bf367824630b3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52008.exe

Filesize
184KB

MD5
a8c537f02a8bce13023fe9576899e822

SHA1
663d97d8200e8d1f4216dd87d69b600c27f90af2

SHA256
b864addfe963915a910cb669e02ce9d4d61d149bde47c06576d15ed33fc430aa

SHA512
4817c60d75aaefcad2e1bfb28917e8b3f38b4e7d09eeb78d28b87a9fc378bed056e593dabead441689c6afdc94e6a253110a3bf4f5a7a9ca9bd21ebb0191977e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe

Filesize
184KB

MD5
fd825e4e3abe6b513fd5be4ddf12de8a

SHA1
e4ca2b859fe55f21f720d40f138bfd6be4da1c32

SHA256
83a6f2e5a928242074c1081c6ec7903a5f3aa34e29596311b38e5e65e4ea2731

SHA512
1103f033b2efb9c723cb086631130dea77db6159674ef1d80b0873bed6adfff40c0b85fa14890d8ab7b9c2cd371dbe872ae347a82c5a4e7be79dbabecdd93a45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53430.exe

Filesize
184KB

MD5
9d913704d836a16a0e10f9a83feac89c

SHA1
40b8a5083cfe3c5d74a7a500eef464ce1e556b48

SHA256
931c03b8be11b0dcdddbc50d6011c9728264074be816004eaa890da3c22f242f

SHA512
b872d5c9f247d44c297b11c06b1ffbbfee15630d6c0ccd72a6b2e04003b3e88fec953fe4ca5f6768ce8709705f589a4f4f3b3608cc37f82540a0170ce1f4f29e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe

Filesize
184KB

MD5
7d9819c963f1579fcb446adae8b4615e

SHA1
5f112255a00051f4d8cc72252532bfa8bfdf38e3

SHA256
d08183d5d6e7915d6e3f5b0d08511696b121b23ee4c0c4680568abad38f393e3

SHA512
f1a63d0e65fb8352d251b0beb58ea708ffdd5c6aa366d35f66d7b6ce11c263fb1ea5303c73c3a85ced5c504aa804b86f87b9e4a1ede4e944b5e5ff36a0167073

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56284.exe

Filesize
184KB

MD5
fb9c38fdba712d7eb9b89f70b03575a4

SHA1
fd0a42b24f944ec577dc7959d7677eb1b5bb1916

SHA256
0aeeae044aa19c465760fa763c27a1935c3cf213f91c7d5d7efd0f3cbe773e23

SHA512
fcbf7278819b6f66d900e1303fa91d56eed6f8829aab54a2f5fc7653dfcc117bc6ec68590f18bfb6ea395d3f9c92760b3afdc92946cca902fa8ea895991829e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57680.exe

Filesize
184KB

MD5
6760607eec36518e5f59578f1190ef68

SHA1
f203b4df8b69c62cea8f4798d73aca66cf83fe69

SHA256
6da837ed6ad07cc5f5c8860046e91428a39c270221561907766dcf033867e3b0

SHA512
bdaca405980d8b13eca3a265a348781d35ae289590c2a743c6af38de21c1ef10c5bb722794f55e0d281882a8bbb40774557946a16a26c49a94bae78d3774be61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe

Filesize
184KB

MD5
c53f9a34a660d44181fc18e5bde36640

SHA1
870a8b176f487b0769a25a913f43a4034dc3efeb

SHA256
8f59c6ae24c711fad09f9e0208b8e3579a4297debaf02df776fc168c3220e974

SHA512
3b23106ca01dd80719cb9eff9a854fe958af5926d64d14de5d50be0726c85ecb6e51ec9121c0abdf591f4c80a643d6fdd9d32a25bf0e22231d288767f56ce63d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe

Filesize
184KB

MD5
3d5f8a858e18da49945ec4410f2699f8

SHA1
13f6ff756471e010153b3f3866fc24bb794df5f3

SHA256
213f719db4caad2b9e36d43fe29c6f0be25f42a755d8f5aa5fb241b9901f51a2

SHA512
f096bc1d2f020612e240399f9196ced1c58534ed58b2a68b948df44226ec411d0b90f925c32511fc8bfdb6d336f4960c03f39fc688d93dd9406d38478e554f8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe

Filesize
184KB

MD5
6f397999d17a24076a5db8c4be505980

SHA1
81f6a1036d3e56e8866704f45fdc5357b771f52c

SHA256
bb9c929b4ad38bf7ec709bb8bbea0a73bd6bc18e9ed143193986a909db71e6d1

SHA512
049763fe6dca7388233b7effe6e8e1f4cc3b2fa8961dbe5881c323db3c355db011f8c66cc640b8f3735462d4c676a8755e77289057e53a86c2708046d459efde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe

Filesize
184KB

MD5
a6a1a6022e891573069a29374d7b35cf

SHA1
2b074a87e4ba1bade88e1193d8b940dd68f4c797

SHA256
a49f608c6ecda3f57abe9237c760231ee96907514bc2b12afdcad60ca1bbfb65

SHA512
ea3f808a2b3304562370a879451373df3a7bd302d533c2aca6fd126df488e10770708640868de7965223e9b03e1754d7dbdb3b9009c291d3ea59dbc8914b00ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe

Filesize
184KB

MD5
49877147308787b02e23341ee9b238a9

SHA1
4a036e830698dd93a6ef76a6519039edd8e77fc1

SHA256
cd87d2937885e995cd2b514122ca50d17275bbfa9da15404b5b768aedb434f26

SHA512
ba3cf216daa0376f358e5afc78694330073193321978a293c0f0c4f5a7b2d8b8954444ee57d36715b6e8c1a5e7b5ab139171ed41e98c08c875e8cd102b8d6009

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe

Filesize
184KB

MD5
e52f3065603ca130b11610c35e741614

SHA1
d3ee662ded64e14fcf9fb261e01298a89d8e0947

SHA256
c6c794eb1abee2d0af1c922c6a20de3e5df19611faa26e4469e336df81a062ec

SHA512
5a97b89138305524b623a81c25acce8a7406da7e8dad63b8a6c49f7c511c9a2da8d85f025188802fe152139e72257fa27d98e390e0e98917ab605c03fab97927

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe

Filesize
184KB

MD5
c3221529ab2a834ae04d5caaa41f6bc1

SHA1
86fc4809ce715b3bb579331d882f61ea1900eead

SHA256
91ed298130ad43f659182518077836b37028b62c278ab78bec607663ef1db3ad

SHA512
a51217a7381dcb85e46c867a0ceab223b634c3f84e80a7a898ef79196da5261744344956bda26746a6691d4c72f5e826b61ed89676e2548a8584bf949b576fc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe

Filesize
184KB

MD5
0f7704d38492506e89cfe2fd166556ae

SHA1
a0294bb31126db724e859ef4caf0a8cefb0a13b9

SHA256
fc07a567906e9a2ea99fedad8b8237ed314a4f5870cf48e6528ad9650e943ecb

SHA512
d6b76c28963753d1522b0b93d85f21f07606fc77d71ffede2cb4cf5066b032d8db25e4678d41d00199d80bc0ec6380f9e8faf8fd4006f18272175d098cb10eab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe

Filesize
184KB

MD5
cce5b13ff3172f93268146f4189e8ddb

SHA1
56a13f3a89c160bb6c64b34b7056a60cc27c5635

SHA256
981bc9ed6877253db8d17fe6aa49ddd9e3bdf0dbdd16ea109498e93185bb1198

SHA512
428b93db49bbf124feb5d134ca776d1fa64bb209330bd1ffe1a95e5fac8f50212f73ebdbec7048cb1dc9c40730e2cf5faf2ffb5ca7633bc6428e21fe1acfc6c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9525.exe

Filesize
184KB

MD5
4878a923e6274d032a282f3b539ef117

SHA1
e734efcdfeba6b8c1aace245361184dfd5b3ac17

SHA256
7dfac494bed9ac6836055ff6a7f2cda8f1875f66f7d4eab985d69c0b255f6081

SHA512
fc1a6774eed0514044d6faa902efa9cd934af7adb24b288fda310eb6113df1e0cd4c8ae1d56c29fa40e97fa2caee52ff63d04b6ed9a944583de4baa0dc53f128

Download Submit
memory/3216-4527-0x0000000075140000-0x00000000751D4000-memory.dmp

Filesize
592KB

Download
memory/4436-4528-0x0000000075970000-0x0000000075A0F000-memory.dmp

Filesize
636KB

Download
memory/11396-4635-0x00007FFFF1ED0000-0x00007FFFF1F53000-memory.dmp

Filesize
524KB

Download
memory/14188-4384-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/17444-4416-0x00007FFFF24D0000-0x00007FFFF26C5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads