af11dec9a31209590b15d959d5b59bcc89d1688f099c92d9256a6f13e8fd5851

Analysis

max time kernel
150s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 07:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e2987821b61dffc028d1dfc5a3484a0_NeikiAnalytics.exe
Size

184KB
MD5

0e2987821b61dffc028d1dfc5a3484a0
SHA1

3ff0b68ee7376ecd0d21608536b6fead4b04c1ba
SHA256

af11dec9a31209590b15d959d5b59bcc89d1688f099c92d9256a6f13e8fd5851
SHA512

475eaf4e660f527e0c8c501a6c9e7d8c8a1b7970e55bd83148cedb0a6e6302a3b288d2519089c7fa22678a0a3234992c2dca5d4d4a510e4a1ffbdd4bdc511705
SSDEEP

3072:S5ljtkoWeLE3pFWtWPvkhVuzvMqJviu5p:S5woK5FWIkDuzEqJviu5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2836	Unicorn-10136.exe
2740	Unicorn-9280.exe
2628	Unicorn-54952.exe
728	Unicorn-46753.exe
1000	Unicorn-24478.exe
628	Unicorn-14272.exe
4920	Unicorn-35247.exe
3268	Unicorn-25041.exe
4636	Unicorn-54376.exe
3524	Unicorn-33209.exe
392	Unicorn-33209.exe
5044	Unicorn-8190.exe
4904	Unicorn-27791.exe
2064	Unicorn-25233.exe
4820	Unicorn-2766.exe
3228	Unicorn-49457.exe
4280	Unicorn-62648.exe
4780	Unicorn-59737.exe
3048	Unicorn-43209.exe
4412	Unicorn-28910.exe
4568	Unicorn-1854.exe
2332	Unicorn-18897.exe
2040	Unicorn-2560.exe
1596	Unicorn-21912.exe
4660	Unicorn-12981.exe
3076	Unicorn-2046.exe
968	Unicorn-60121.exe
1804	Unicorn-53991.exe
4316	Unicorn-7391.exe
1008	Unicorn-27257.exe
2684	Unicorn-21838.exe
2312	Unicorn-12311.exe
1292	Unicorn-15663.exe
3108	Unicorn-11408.exe
1496	Unicorn-38143.exe
3508	Unicorn-43313.exe
1112	Unicorn-15471.exe
1592	Unicorn-13136.exe
3588	Unicorn-54169.exe
2008	Unicorn-45544.exe
2520	Unicorn-1439.exe
3992	Unicorn-21305.exe
4360	Unicorn-11792.exe
3496	Unicorn-41127.exe
4672	Unicorn-16431.exe
2636	Unicorn-14807.exe
448	Unicorn-11984.exe
4400	Unicorn-30358.exe
8	Unicorn-11023.exe
2592	Unicorn-44849.exe
4892	Unicorn-20345.exe
3788	Unicorn-12103.exe
1896	Unicorn-15191.exe
3240	Unicorn-15191.exe
4036	Unicorn-38911.exe
3392	Unicorn-36110.exe
5048	Unicorn-45041.exe
1436	Unicorn-25175.exe
4252	Unicorn-20537.exe
2004	Unicorn-61215.exe
3412	Unicorn-47480.exe
4856	Unicorn-52737.exe
2824	Unicorn-16343.exe
1672	Unicorn-6551.exe

Program crash 12 IoCs

pid	pid_target	Process	procid_target
3544	8	WerFault.exe	141
6556	5868	WerFault.exe	219
9896	5740	WerFault.exe	197
9432	8340	WerFault.exe	387
9992	8348	WerFault.exe	388
16208	6392	WerFault.exe	290
16592	3752	WerFault.exe	819
16768	4080	WerFault.exe	818
2940	3004	WerFault.exe	965
7260	5496	WerFault.exe	1087
19412	16524	Process not Found	1219
14712	9424	Process not Found	1236

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5740	Process not Found
Token: SeChangeNotifyPrivilege	5740	Process not Found
Token: 33	5740	Process not Found
Token: SeIncBasePriorityPrivilege	5740	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1736	0e2987821b61dffc028d1dfc5a3484a0_NeikiAnalytics.exe
2836	Unicorn-10136.exe
2628	Unicorn-54952.exe
2740	Unicorn-9280.exe
728	Unicorn-46753.exe
1000	Unicorn-24478.exe
628	Unicorn-14272.exe
4920	Unicorn-35247.exe
3268	Unicorn-25041.exe
4636	Unicorn-54376.exe
3524	Unicorn-33209.exe
392	Unicorn-33209.exe
4904	Unicorn-27791.exe
5044	Unicorn-8190.exe
2064	Unicorn-25233.exe
4820	Unicorn-2766.exe
3228	Unicorn-49457.exe
4280	Unicorn-62648.exe
4780	Unicorn-59737.exe
3048	Unicorn-43209.exe
4412	Unicorn-28910.exe
2332	Unicorn-18897.exe
4568	Unicorn-1854.exe
1008	Unicorn-27257.exe
3076	Unicorn-2046.exe
4660	Unicorn-12981.exe
1804	Unicorn-53991.exe
1596	Unicorn-21912.exe
2040	Unicorn-2560.exe
2684	Unicorn-21838.exe
968	Unicorn-60121.exe
4316	Unicorn-7391.exe
2312	Unicorn-12311.exe
1292	Unicorn-15663.exe
3108	Unicorn-11408.exe
1496	Unicorn-38143.exe
3508	Unicorn-43313.exe
1112	Unicorn-15471.exe
1592	Unicorn-13136.exe
3588	Unicorn-54169.exe
2520	Unicorn-1439.exe
2008	Unicorn-45544.exe
3992	Unicorn-21305.exe
4360	Unicorn-11792.exe
3496	Unicorn-41127.exe
4672	Unicorn-16431.exe
2636	Unicorn-14807.exe
448	Unicorn-11984.exe
4400	Unicorn-30358.exe
8	Unicorn-11023.exe
2592	Unicorn-44849.exe
1896	Unicorn-15191.exe
3788	Unicorn-12103.exe
4892	Unicorn-20345.exe
3240	Unicorn-15191.exe
4252	Unicorn-20537.exe
1436	Unicorn-25175.exe
3392	Unicorn-36110.exe
2004	Unicorn-61215.exe
4036	Unicorn-38911.exe
5048	Unicorn-45041.exe
3412	Unicorn-47480.exe
2824	Unicorn-16343.exe
4472	Unicorn-38631.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2836	1736	0e2987821b61dffc028d1dfc5a3484a0_NeikiAnalytics.exe	88
PID 1736 wrote to memory of 2836	1736	0e2987821b61dffc028d1dfc5a3484a0_NeikiAnalytics.exe	88
PID 1736 wrote to memory of 2836	1736	0e2987821b61dffc028d1dfc5a3484a0_NeikiAnalytics.exe	88
PID 2836 wrote to memory of 2740	2836	Unicorn-10136.exe	92
PID 2836 wrote to memory of 2740	2836	Unicorn-10136.exe	92
PID 2836 wrote to memory of 2740	2836	Unicorn-10136.exe	92
PID 1736 wrote to memory of 2628	1736	0e2987821b61dffc028d1dfc5a3484a0_NeikiAnalytics.exe	93
PID 1736 wrote to memory of 2628	1736	0e2987821b61dffc028d1dfc5a3484a0_NeikiAnalytics.exe	93
PID 1736 wrote to memory of 2628	1736	0e2987821b61dffc028d1dfc5a3484a0_NeikiAnalytics.exe	93
PID 2628 wrote to memory of 728	2628	Unicorn-54952.exe	96
PID 2628 wrote to memory of 728	2628	Unicorn-54952.exe	96
PID 2628 wrote to memory of 728	2628	Unicorn-54952.exe	96
PID 1736 wrote to memory of 1000	1736	0e2987821b61dffc028d1dfc5a3484a0_NeikiAnalytics.exe	97
PID 1736 wrote to memory of 1000	1736	0e2987821b61dffc028d1dfc5a3484a0_NeikiAnalytics.exe	97
PID 1736 wrote to memory of 1000	1736	0e2987821b61dffc028d1dfc5a3484a0_NeikiAnalytics.exe	97
PID 2740 wrote to memory of 628	2740	Unicorn-9280.exe	98
PID 2740 wrote to memory of 628	2740	Unicorn-9280.exe	98
PID 2740 wrote to memory of 628	2740	Unicorn-9280.exe	98
PID 2836 wrote to memory of 4920	2836	Unicorn-10136.exe	99
PID 2836 wrote to memory of 4920	2836	Unicorn-10136.exe	99
PID 2836 wrote to memory of 4920	2836	Unicorn-10136.exe	99
PID 728 wrote to memory of 3268	728	Unicorn-46753.exe	100
PID 728 wrote to memory of 3268	728	Unicorn-46753.exe	100
PID 728 wrote to memory of 3268	728	Unicorn-46753.exe	100
PID 2628 wrote to memory of 4636	2628	Unicorn-54952.exe	101
PID 2628 wrote to memory of 4636	2628	Unicorn-54952.exe	101
PID 2628 wrote to memory of 4636	2628	Unicorn-54952.exe	101
PID 628 wrote to memory of 392	628	Unicorn-14272.exe	103
PID 628 wrote to memory of 392	628	Unicorn-14272.exe	103
PID 628 wrote to memory of 392	628	Unicorn-14272.exe	103
PID 1000 wrote to memory of 3524	1000	Unicorn-24478.exe	102
PID 1000 wrote to memory of 3524	1000	Unicorn-24478.exe	102
PID 1000 wrote to memory of 3524	1000	Unicorn-24478.exe	102
PID 2740 wrote to memory of 5044	2740	Unicorn-9280.exe	104
PID 2740 wrote to memory of 5044	2740	Unicorn-9280.exe	104
PID 2740 wrote to memory of 5044	2740	Unicorn-9280.exe	104
PID 1736 wrote to memory of 4904	1736	0e2987821b61dffc028d1dfc5a3484a0_NeikiAnalytics.exe	105
PID 1736 wrote to memory of 4904	1736	0e2987821b61dffc028d1dfc5a3484a0_NeikiAnalytics.exe	105
PID 1736 wrote to memory of 4904	1736	0e2987821b61dffc028d1dfc5a3484a0_NeikiAnalytics.exe	105
PID 4920 wrote to memory of 2064	4920	Unicorn-35247.exe	106
PID 4920 wrote to memory of 2064	4920	Unicorn-35247.exe	106
PID 4920 wrote to memory of 2064	4920	Unicorn-35247.exe	106
PID 2836 wrote to memory of 4820	2836	Unicorn-10136.exe	107
PID 2836 wrote to memory of 4820	2836	Unicorn-10136.exe	107
PID 2836 wrote to memory of 4820	2836	Unicorn-10136.exe	107
PID 3268 wrote to memory of 3228	3268	Unicorn-25041.exe	108
PID 3268 wrote to memory of 3228	3268	Unicorn-25041.exe	108
PID 3268 wrote to memory of 3228	3268	Unicorn-25041.exe	108
PID 728 wrote to memory of 4280	728	Unicorn-46753.exe	109
PID 728 wrote to memory of 4280	728	Unicorn-46753.exe	109
PID 728 wrote to memory of 4280	728	Unicorn-46753.exe	109
PID 4636 wrote to memory of 4780	4636	Unicorn-54376.exe	110
PID 4636 wrote to memory of 4780	4636	Unicorn-54376.exe	110
PID 4636 wrote to memory of 4780	4636	Unicorn-54376.exe	110
PID 3524 wrote to memory of 3048	3524	Unicorn-33209.exe	111
PID 3524 wrote to memory of 3048	3524	Unicorn-33209.exe	111
PID 3524 wrote to memory of 3048	3524	Unicorn-33209.exe	111
PID 2628 wrote to memory of 4412	2628	Unicorn-54952.exe	112
PID 2628 wrote to memory of 4412	2628	Unicorn-54952.exe	112
PID 2628 wrote to memory of 4412	2628	Unicorn-54952.exe	112
PID 1000 wrote to memory of 4568	1000	Unicorn-24478.exe	113
PID 1000 wrote to memory of 4568	1000	Unicorn-24478.exe	113
PID 1000 wrote to memory of 4568	1000	Unicorn-24478.exe	113
PID 4904 wrote to memory of 2332	4904	Unicorn-27791.exe	114

C:\Users\Admin\AppData\Local\Temp\0e2987821b61dffc028d1dfc5a3484a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0e2987821b61dffc028d1dfc5a3484a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15191.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        8⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48625.exe
        9⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12823.exe
        9⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
        9⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        9⤵
        
        PID:16648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        8⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        8⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        8⤵
        
        PID:13940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6990.exe
        8⤵
        
        PID:17916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51424.exe
        7⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15761.exe
        8⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        9⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28903.exe
        9⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
        9⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41445.exe
        9⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        8⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
        8⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        8⤵
        
        PID:16664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60367.exe
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        8⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        8⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        8⤵
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
        7⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        7⤵
        
        PID:13772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        7⤵
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
        7⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        8⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57824.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14694.exe
        8⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 72
        9⤵
        Program crash
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1860.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
        7⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32201.exe
        7⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
        7⤵
        
        PID:17364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
        7⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
        6⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        7⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        7⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        7⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        7⤵
        
        PID:16420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27032.exe
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
        6⤵
        
        PID:16004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60431.exe
        6⤵
        
        PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
        6⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        7⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55169.exe
        8⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
        8⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4782.exe
        8⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        7⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
        7⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
        7⤵
        
        PID:16632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26630.exe
        6⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60120.exe
        7⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        7⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        7⤵
        
        PID:16588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22528.exe
        6⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39151.exe
        6⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
        6⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
        6⤵
        
        PID:18336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38911.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        6⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57217.exe
        7⤵
        
        PID:13892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
        7⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
        6⤵
        
        PID:12380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
        6⤵
        
        PID:13728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
        6⤵
        
        PID:17304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48241.exe
        6⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        6⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        6⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        6⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
        5⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        6⤵
        
        PID:13532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        6⤵
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
        6⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39423.exe
        5⤵
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-384.exe
        5⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
        5⤵
        
        PID:17796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
        5⤵
        
        PID:17140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21912.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15191.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5560.exe
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
        8⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
        8⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16687.exe
        8⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        8⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30487.exe
        7⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30528.exe
        7⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        7⤵
        
        PID:16892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46463.exe
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8776.exe
        8⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
        8⤵
        
        PID:15884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
        8⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        7⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        7⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        7⤵
        
        PID:16656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
        7⤵
        
        PID:976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31534.exe
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
        6⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12424.exe
        6⤵
        
        PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
        5⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        6⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25896.exe
        6⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4597.exe
        6⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        6⤵
        
        PID:17464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
        5⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        5⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        5⤵
        
        PID:14236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41630.exe
        5⤵
        
        PID:16524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4983.exe
        5⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44468.exe
        5⤵
        
        PID:7880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44849.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
        6⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64665.exe
        7⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26633.exe
        8⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
        8⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
        8⤵
        
        PID:16388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        7⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49927.exe
        7⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        7⤵
        
        PID:15888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45823.exe
        7⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        7⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        6⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        7⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        7⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51487.exe
        7⤵
        
        PID:17248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        6⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51407.exe
        6⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
        6⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 212
        7⤵
        Program crash
        
        PID:16768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42273.exe
        6⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
        6⤵
        
        PID:12676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38136.exe
        6⤵
        
        PID:15956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
        6⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10592.exe
        6⤵
        
        PID:10932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        6⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21414.exe
        6⤵
        
        PID:16940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21759.exe
        5⤵
        
        PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
        5⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
        5⤵
        
        PID:16148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        5⤵
        
        PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12103.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
        6⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
        7⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28903.exe
        7⤵
        
        PID:13916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21414.exe
        7⤵
        
        PID:16988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
        6⤵
        
        PID:324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        6⤵
        
        PID:16688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18926.exe
        6⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
        6⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-446.exe
        5⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31430.exe
        6⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
        5⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        5⤵
        
        PID:14692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        5⤵
        
        PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11760.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe
        5⤵
        
        PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
      4⤵
      PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        5⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        5⤵
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
        5⤵
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        5⤵
        
        PID:16616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        5⤵
        
        PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe
      4⤵
      PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17952.exe
      4⤵
      PID:11012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
      4⤵
      PID:14192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45999.exe
      4⤵
      PID:17092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
      4⤵
      PID:6012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25233.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        7⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        8⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        8⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11887.exe
        8⤵
        
        PID:14708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11894.exe
        8⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
        7⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57830.exe
        7⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33320.exe
        7⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48319.exe
        7⤵
        
        PID:16140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26151.exe
        6⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        7⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11887.exe
        7⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11894.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29651.exe
        7⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        6⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        6⤵
        
        PID:10616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1390.exe
        6⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        6⤵
        
        PID:18152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        6⤵
        
        PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-407.exe
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5640.exe
        8⤵
        
        PID:17560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20767.exe
        8⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
        7⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        7⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        7⤵
        
        PID:16208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        6⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        7⤵
        
        PID:12824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        7⤵
        
        PID:17300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
        7⤵
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        6⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        6⤵
        
        PID:13792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        6⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        6⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3173.exe
        6⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        6⤵
        
        PID:16680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        6⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        5⤵
        
        PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        5⤵
        
        PID:10936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53791.exe
        5⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7328.exe
        5⤵
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        5⤵
        
        PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7391.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35257.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8376.exe
        8⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60320.exe
        8⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        8⤵
        
        PID:16880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
        7⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        7⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27670.exe
        7⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
        6⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13102.exe
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        6⤵
        
        PID:13952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31966.exe
        6⤵
        
        PID:17380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
        6⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        7⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        7⤵
        
        PID:14716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3454.exe
        7⤵
        
        PID:18364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
        7⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        6⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
        6⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        5⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26088.exe
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4789.exe
        5⤵
        
        PID:14340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        5⤵
        
        PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
        5⤵
        
        PID:16576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50161.exe
        6⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
        7⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
        7⤵
        
        PID:15600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45024.exe
        6⤵
        
        PID:10520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
        6⤵
        
        PID:13804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58023.exe
        6⤵
        
        PID:17392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58495.exe
        5⤵
        
        PID:7644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37327.exe
        5⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23616.exe
        5⤵
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        5⤵
        
        PID:17536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
      4⤵
      PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
        5⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
        6⤵
        
        PID:11200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
        6⤵
        
        PID:16096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
        6⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        5⤵
        
        PID:9384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
        5⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        5⤵
        
        PID:16740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35230.exe
        5⤵
        
        PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49591.exe
      4⤵
      PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
      4⤵
      PID:10704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
      4⤵
      PID:13888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
      4⤵
      PID:1940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2766.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
        8⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        8⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        8⤵
        
        PID:17180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58952.exe
        7⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        7⤵
        
        PID:13204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        7⤵
        
        PID:15920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27670.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        7⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
        6⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
        7⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61592.exe
        7⤵
        
        PID:17876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34726.exe
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
        6⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        6⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        6⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
        6⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16639.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26456.exe
        6⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
        7⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21783.exe
        7⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
        7⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
        7⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
        6⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40031.exe
        6⤵
        
        PID:12492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
        6⤵
        
        PID:15556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        6⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        5⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        6⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        6⤵
        
        PID:13324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
        6⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18164.exe
        6⤵
        
        PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
        5⤵
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        5⤵
        
        PID:14160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
        5⤵
        
        PID:16708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16431.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48025.exe
        5⤵
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        6⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57089.exe
        7⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10535.exe
        7⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16214.exe
        7⤵
        
        PID:16272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37000.exe
        7⤵
        
        PID:17816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
        6⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
        6⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22079.exe
        6⤵
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24181.exe
        6⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
        5⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42878.exe
        6⤵
        
        PID:15440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22478.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
        6⤵
        
        PID:18340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exe
        5⤵
        
        PID:8348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 440
        6⤵
        Program crash
        
        PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
        5⤵
        
        PID:16220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
      4⤵
      PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        5⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65112.exe
        6⤵
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
        6⤵
        
        PID:15172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        6⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25896.exe
        5⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34254.exe
        5⤵
        
        PID:14076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        5⤵
        
        PID:17424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
        5⤵
        
        PID:17248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32688.exe
      4⤵
      PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57025.exe
        5⤵
        
        PID:13868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
        5⤵
        
        PID:17396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53551.exe
      4⤵
      PID:8792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
      4⤵
      PID:12736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
      4⤵
      PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
      4⤵
      PID:3852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21838.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20345.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15376.exe
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52793.exe
        7⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 636
        7⤵
        Program crash
        
        PID:16208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 720
        6⤵
        Program crash
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62584.exe
        5⤵
        
        PID:7512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        5⤵
        
        PID:9400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
        5⤵
        
        PID:14280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46295.exe
        5⤵
        
        PID:16760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64975.exe
      4⤵
      PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        5⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26465.exe
        6⤵
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        6⤵
        
        PID:18100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24723.exe
        6⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        5⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        5⤵
        
        PID:16492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
        5⤵
        
        PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        5⤵
        
        PID:17816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10887.exe
      4⤵
      PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
      4⤵
      PID:12140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
      4⤵
      PID:16056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35351.exe
      4⤵
      PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26980.exe
      4⤵
      PID:18224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
      4⤵
      PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9997.exe
        6⤵
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46015.exe
        5⤵
        
        PID:9016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        5⤵
        
        PID:13168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        5⤵
        
        PID:15932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27670.exe
        5⤵
        
        PID:17548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
      4⤵
      PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
        5⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20499.exe
        5⤵
        
        PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34726.exe
      4⤵
      PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
      4⤵
      PID:13072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
      4⤵
      PID:16328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
      4⤵
      PID:6912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36887.exe
    3⤵
    PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55864.exe
      4⤵
      PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31169.exe
        5⤵
        
        PID:12928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
        5⤵
        
        PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35791.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
        5⤵
        
        PID:17196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
      4⤵
      PID:10660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12878.exe
      4⤵
      PID:14968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47063.exe
      4⤵
      PID:18080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
      4⤵
      PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25233.exe
    3⤵
    PID:7724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34958.exe
    3⤵
    PID:10592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63560.exe
    3⤵
    PID:12732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
    3⤵
    PID:17492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25041.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49457.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        7⤵
        Executes dropped EXE
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        8⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53809.exe
        9⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        10⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        10⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
        10⤵
        
        PID:17360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        9⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        9⤵
        
        PID:14436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        9⤵
        
        PID:16488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
        8⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64327.exe
        8⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49848.exe
        8⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48319.exe
        8⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        8⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        7⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        9⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        9⤵
        
        PID:15616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        8⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
        8⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
        8⤵
        
        PID:16552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe
        7⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24926.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
        7⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12424.exe
        7⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        7⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16343.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
        7⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 468
        8⤵
        Program crash
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1790.exe
        7⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10592.exe
        8⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        8⤵
        
        PID:14536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21414.exe
        8⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        7⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
        7⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52793.exe
        7⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exe
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        7⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60120.exe
        8⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54648.exe
        8⤵
        
        PID:14324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62216.exe
        7⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31870.exe
        7⤵
        
        PID:13560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55432.exe
        7⤵
        
        PID:17132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        7⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21054.exe
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8391.exe
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        6⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52351.exe
        6⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        6⤵
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15663.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
        6⤵
        Executes dropped EXE
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
        7⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        8⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33320.exe
        8⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
        8⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24151.exe
        7⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe
        7⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
        7⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        7⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-868.exe
        7⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20696.exe
        7⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56009.exe
        8⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5039.exe
        7⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
        7⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56392.exe
        7⤵
        
        PID:16904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16398.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19351.exe
        6⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        6⤵
        
        PID:15848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64039.exe
        6⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38631.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50353.exe
        7⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
        7⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
        7⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        7⤵
        
        PID:16700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        7⤵
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
        6⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10631.exe
        6⤵
        
        PID:14468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        6⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        6⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
        6⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
        7⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        7⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6487.exe
        6⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
        6⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        6⤵
        
        PID:17472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        5⤵
        
        PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
        5⤵
        
        PID:11524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25185.exe
        5⤵
        
        PID:15252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
        5⤵
        
        PID:17512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62648.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11408.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44953.exe
        6⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65153.exe
        8⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20505.exe
        9⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        9⤵
        
        PID:15860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
        9⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51935.exe
        8⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59832.exe
        8⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        8⤵
        
        PID:16604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
        8⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3576.exe
        8⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        8⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        7⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49552.exe
        7⤵
        
        PID:13824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        7⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49985.exe
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        7⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64175.exe
        7⤵
        
        PID:15804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        7⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        6⤵
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
        6⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50720.exe
        6⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
        6⤵
        
        PID:16944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43107.exe
        6⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        6⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65153.exe
        7⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        7⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        7⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59023.exe
        7⤵
        
        PID:16624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        7⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4286.exe
        6⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3886.exe
        6⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10631.exe
        6⤵
        
        PID:14412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        6⤵
        
        PID:17416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        6⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15382.exe
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50353.exe
        6⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        7⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62216.exe
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40231.exe
        6⤵
        
        PID:13512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55432.exe
        6⤵
        
        PID:17168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        6⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        5⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        5⤵
        
        PID:10944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1575.exe
        5⤵
        
        PID:14352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64697.exe
        5⤵
        
        PID:17328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        5⤵
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5176.exe
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        7⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
        7⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        7⤵
        
        PID:14452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        7⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        6⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        6⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39760.exe
        6⤵
        
        PID:15236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53814.exe
        6⤵
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        6⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44792.exe
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        6⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        6⤵
        
        PID:11072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        6⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        6⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        6⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        5⤵
        
        PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4655.exe
        5⤵
        
        PID:11392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        5⤵
        
        PID:15332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        5⤵
        
        PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
      4⤵
      PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48129.exe
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        6⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        6⤵
        
        PID:11096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        6⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        6⤵
        
        PID:16608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        6⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        5⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
        5⤵
        
        PID:16016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
        5⤵
        
        PID:7920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6526.exe
      4⤵
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43337.exe
        5⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18953.exe
        6⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
        6⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
        6⤵
        
        PID:17340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        5⤵
        
        PID:10664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
        5⤵
        
        PID:13852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15655.exe
        5⤵
        
        PID:17884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26524.exe
        5⤵
        
        PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18359.exe
      4⤵
      PID:8520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
      4⤵
      PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
      4⤵
      PID:15608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54376.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        6⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
        7⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57681.exe
        8⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        8⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9790.exe
        8⤵
        
        PID:17904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65480.exe
        7⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47711.exe
        7⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        7⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        7⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54112.exe
        6⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        7⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        7⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11887.exe
        7⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11894.exe
        7⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        6⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4655.exe
        6⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        6⤵
        
        PID:15164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        6⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        6⤵
        
        PID:16760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65160.exe
        5⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28271.exe
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4375.exe
        7⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10927.exe
        7⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
        7⤵
        
        PID:16720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        7⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exe
        6⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 464
        7⤵
        Program crash
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29752.exe
        6⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        6⤵
        
        PID:16088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51400.exe
        6⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
        6⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10670.exe
        5⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6487.exe
        6⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
        6⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        6⤵
        
        PID:17344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10887.exe
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        5⤵
        
        PID:11608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
        5⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48849.exe
        5⤵
        
        PID:17312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        5⤵
        
        PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15471.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
        5⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
        6⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6487.exe
        7⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        7⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        7⤵
        
        PID:17336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57359.exe
        7⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        7⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
        6⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57830.exe
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        6⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
        6⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        7⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
        7⤵
        
        PID:16076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
        7⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41052.exe
        7⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
        6⤵
        
        PID:11020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
        6⤵
        
        PID:15292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18727.exe
        6⤵
        
        PID:18388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        5⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        5⤵
        
        PID:15368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
        5⤵
        
        PID:17044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
      4⤵
      PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34326.exe
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43457.exe
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        6⤵
        
        PID:15308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
        6⤵
        
        PID:18424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        5⤵
        
        PID:9548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        5⤵
        
        PID:13132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33822.exe
        5⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
        5⤵
        
        PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28118.exe
        5⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14695.exe
        5⤵
        
        PID:18128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
        5⤵
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        5⤵
        
        PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
      4⤵
      PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
      4⤵
      PID:12284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
      4⤵
      PID:16108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32990.exe
      4⤵
      PID:16596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
      4⤵
      PID:7288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
        5⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7888.exe
        7⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2367.exe
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16214.exe
        7⤵
        
        PID:16236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
        6⤵
        
        PID:14948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        6⤵
        
        PID:18044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        6⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        5⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42512.exe
        5⤵
        
        PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14078.exe
        5⤵
        
        PID:14040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46095.exe
        5⤵
        
        PID:16468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
      4⤵
      PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23633.exe
        5⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        6⤵
        
        PID:9948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
        6⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        6⤵
        
        PID:16512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23651.exe
        6⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
        5⤵
        
        PID:8468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40031.exe
        5⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
        5⤵
        
        PID:15596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
      4⤵
      PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46456.exe
      4⤵
      PID:220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38.exe
      4⤵
      PID:13196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
      4⤵
      PID:15824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
      4⤵
      PID:16680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
      4⤵
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64665.exe
        5⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
        6⤵
        
        PID:14028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        6⤵
        
        PID:16520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        6⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
        5⤵
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-726.exe
        5⤵
        
        PID:12568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
        5⤵
        
        PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
      4⤵
      PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62808.exe
        5⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
        5⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
        5⤵
        
        PID:18400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        5⤵
        
        PID:17276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40504.exe
      4⤵
      PID:9176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30798.exe
      4⤵
      PID:14136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
      4⤵
      PID:16948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
    3⤵
    PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
      4⤵
      PID:7544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
      4⤵
      PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
      4⤵
      PID:14428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
      4⤵
      PID:17012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54047.exe
    3⤵
    PID:8440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
    3⤵
    PID:11552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
    3⤵
    PID:15268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
    3⤵
    PID:17672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
    3⤵
    PID:17044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24478.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24478.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        6⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        7⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27041.exe
        8⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
        8⤵
        
        PID:17772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25896.exe
        7⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4597.exe
        7⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        7⤵
        
        PID:17484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        7⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
        7⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        7⤵
        
        PID:18312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56351.exe
        6⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
        6⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29470.exe
        6⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21483.exe
        6⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
        5⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
        6⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        7⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        7⤵
        
        PID:16332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        6⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        6⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        6⤵
        
        PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57593.exe
        6⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51208.exe
        6⤵
        
        PID:16068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
        5⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        5⤵
        
        PID:12776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
        5⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8857.exe
        5⤵
        
        PID:6876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1439.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
        6⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        7⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57824.exe
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14694.exe
        7⤵
        
        PID:18300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42895.exe
        6⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
        6⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        6⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13315.exe
        6⤵
        
        PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19142.exe
        5⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49409.exe
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        6⤵
        
        PID:12908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        6⤵
        
        PID:16832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
        5⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        5⤵
        
        PID:13780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        5⤵
        
        PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63668.exe
        5⤵
        
        PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
      4⤵
      PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64665.exe
        5⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
        6⤵
        
        PID:11220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        6⤵
        
        PID:14396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
        6⤵
        
        PID:18416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8772.exe
        6⤵
        
        PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61727.exe
        5⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13423.exe
        5⤵
        
        PID:13664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        5⤵
        
        PID:17268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        5⤵
        
        PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11381.exe
      4⤵
      PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
        5⤵
        
        PID:12452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        5⤵
        
        PID:15548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
      4⤵
      PID:10768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22294.exe
      4⤵
      PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
      4⤵
      PID:18396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
      4⤵
      PID:18288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        5⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3576.exe
        7⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        7⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        7⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
        6⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40031.exe
        6⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
        6⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35339.exe
        6⤵
        
        PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        6⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        6⤵
        
        PID:15316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
        6⤵
        
        PID:18408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64519.exe
        5⤵
        
        PID:8932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe
        5⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        5⤵
        
        PID:15936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27656.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        5⤵
        
        PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        5⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12144.exe
        6⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        6⤵
        
        PID:15872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
        6⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8878.exe
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8703.exe
        5⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62527.exe
        5⤵
        
        PID:15784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21695.exe
        5⤵
        
        PID:16464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
        5⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
        5⤵
        
        PID:14976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        5⤵
        
        PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58159.exe
      4⤵
      PID:9200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5711.exe
      4⤵
      PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
      4⤵
      PID:17368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18102.exe
      4⤵
      PID:1952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30358.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44481.exe
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8256.exe
        5⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60959.exe
        5⤵
        
        PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        5⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
        5⤵
        
        PID:16612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
      4⤵
      PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15894.exe
      4⤵
      PID:9020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24080.exe
      4⤵
      PID:12428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
      4⤵
      PID:3752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 212
        5⤵
        Program crash
        
        PID:16592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
    3⤵
    PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43809.exe
      4⤵
      PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55097.exe
        5⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2479.exe
        5⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39988.exe
        5⤵
        
        PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
      4⤵
      PID:9160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
      4⤵
      PID:13060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
      4⤵
      PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10590.exe
      4⤵
      PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
      4⤵
      PID:7628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12149.exe
    3⤵
    PID:7396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41729.exe
      4⤵
      PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
      4⤵
      PID:14488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1430.exe
      4⤵
      PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41328.exe
      4⤵
      PID:16528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
    3⤵
    PID:6052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
    3⤵
    PID:13968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41630.exe
    3⤵
    PID:16544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21305.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37273.exe
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40161.exe
        6⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
        7⤵
        
        PID:14272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        7⤵
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
        6⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6023.exe
        6⤵
        
        PID:18008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19142.exe
        5⤵
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
        5⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8022.exe
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        5⤵
        
        PID:17352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
        5⤵
        
        PID:17248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
      4⤵
      PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        5⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        5⤵
        
        PID:400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        5⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        5⤵
        
        PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60120.exe
        5⤵
        
        PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        5⤵
        
        PID:14220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        5⤵
        
        PID:16952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23651.exe
        5⤵
        
        PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
      4⤵
      PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38.exe
      4⤵
      PID:13176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45991.exe
      4⤵
      PID:15536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38761.exe
      4⤵
      PID:5988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41127.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
      4⤵
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29881.exe
        5⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60120.exe
        6⤵
        
        PID:9564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        6⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        6⤵
        
        PID:16564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
        5⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        5⤵
        
        PID:13492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        5⤵
        
        PID:17160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45919.exe
        5⤵
        
        PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9086.exe
      4⤵
      PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16662.exe
      4⤵
      PID:8652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47816.exe
      4⤵
      PID:12620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51863.exe
      4⤵
      PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27656.exe
      4⤵
      PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
      4⤵
      PID:2304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
    3⤵
    PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
      4⤵
      PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4920.exe
        5⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
        5⤵
        
        PID:15124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        5⤵
        
        PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
      4⤵
      PID:13520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
      4⤵
      PID:17144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
    3⤵
    PID:6376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28377.exe
      4⤵
      PID:10920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
      4⤵
      PID:15404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
      4⤵
      PID:4292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4350.exe
    3⤵
    PID:8980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26206.exe
    3⤵
    PID:11976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61905.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61905.exe
    3⤵
    PID:16424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6032.exe
      4⤵
      PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64665.exe
        5⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
        5⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40031.exe
        5⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
        5⤵
        
        PID:15580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35339.exe
        5⤵
        
        PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13471.exe
      4⤵
      PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        5⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        5⤵
        
        PID:13408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9494.exe
        5⤵
        
        PID:16980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27592.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24516.exe
        5⤵
        
        PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56735.exe
      4⤵
      PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65391.exe
      4⤵
      PID:13736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55992.exe
      4⤵
      PID:17892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
    3⤵
    PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
      4⤵
      PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-208.exe
        5⤵
        
        PID:9756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28118.exe
        5⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14695.exe
        5⤵
        
        PID:17980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
      4⤵
      PID:10636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
      4⤵
      PID:14956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
      4⤵
      PID:18060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
    3⤵
    PID:5132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
    3⤵
    PID:11248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
    3⤵
    PID:14080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
    3⤵
    PID:17844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
    3⤵
    PID:1464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11023.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11023.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:8
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 8 -s 488
    3⤵
    - Program crash
    PID:3544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
  2⤵
  PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
    3⤵
    PID:7476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
    3⤵
    PID:11088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
    3⤵
    PID:14420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
    3⤵
    PID:15780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
    3⤵
    PID:5948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
  2⤵
  PID:8428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28694.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28694.exe
  2⤵
  PID:11540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
  2⤵
  PID:15300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
  2⤵
  PID:18368
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
  2⤵
  PID:5496
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 80
    3⤵
    - Program crash
    PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 8 -ip 8
1⤵
PID:1864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5868 -ip 5868
1⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5740 -ip 5740
1⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 8340 -ip 8340
1⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 8348 -ip 8348
1⤵
PID:9840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6392 -ip 6392
1⤵
PID:16120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3752 -ip 3752
1⤵
PID:16468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4080 -ip 4080
1⤵
PID:16532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3004 -ip 3004
1⤵
PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe

Filesize
184KB

MD5
9c126844c829d70b4db982bf053bac89

SHA1
0b25a47fcbb2dcaa3e657255c31baa52859b734f

SHA256
d6c7231685fba6bd8e15e77e237261c94f6c841d838c2d4eb1712e3226b5b9da

SHA512
546aeea01a54c288cd6d023903a3dbf6ff8b294a539fe44522cd1f71feaa490aea805b42c3f18d5762a35fa1cc4937ecee014fe3350681843161809cab024d9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe

Filesize
184KB

MD5
ef6fd1b6acae5900eaf01e90fb7eef07

SHA1
671da937318000e5b840f79112c728b55d2055de

SHA256
f8605670b9c9dc175276567d636fcd336fd58eeafbad114b7504a54ca91cfd77

SHA512
c4a8fc38580d5f1afbde843aacbd13a59e06802398e570fef6c7aa2359950d6b222ef586a1f18c68f50795be4d8a75ee46d0d9ee2b14c93f0fe63408673acf6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe

Filesize
184KB

MD5
efcc6ab0036988ca0f47e3ae1e136c4a

SHA1
877008462878e2e8e10e63dc96f1ce493a0ec6fb

SHA256
3577a0ab10b5fb2525422d61343f0a5e2051670d7956c9b13381df368644b506

SHA512
1242793f9d89f981b0eac2a04a9053579924ef47f92d8a5f248a94d76b00c4ac01b3662bbe3d3cb3633f2518c6935f5ddfd17bbfc74e1f30ccd58753705c8259

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe

Filesize
184KB

MD5
789ca4c36fbf98eb469f99681b451808

SHA1
6a530602aa177948eab20dd89466221f5e72179d

SHA256
d242504d8579840ada39c08d5d7cf3606544c77f2122fdbdbdb5f31508ce88c1

SHA512
a290cdd8f46ebcfecd005d4edbf674368e09595526667a8374247e7b1150e902c5a4ac48ece28a6f280d8c48e45f70452747e2760ceda205bf2aa8cdce385fed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16687.exe

Filesize
184KB

MD5
2df403ccfe7a58483c9d272d026e0e0e

SHA1
0e15b462854ccc11efcb39d24362241f3c66114e

SHA256
094b3fff26b7077c7f94afc3734c8698f47a4bb86469da3354068a73e8f29486

SHA512
8439a8318ba949feae1c4ed90ad3c612e6eaaca7705938c822ea348d6bc10d705f4abd6672ff9bc848211ba5b1d4271ae653fdf100972dda206eba52bbc520d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe

Filesize
184KB

MD5
d6dfcd4495c7d51541b3748bd932c9ab

SHA1
3c2e5b2006e668ec5493d831f3c3d5cc265de178

SHA256
e313803da873dddb96eab098a1cc9113e5f297491530cd27b95070b73332b047

SHA512
466c212de0262a5bad62c527ae62f5db688fd26c46a84c59e6e619b5a1a8a0a60bd41f4f3fa667174de690c3be76cf0286e69c071cf94070be0f8787410440c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe

Filesize
184KB

MD5
f683b7b8ce77fe324f417ab66c08e028

SHA1
f3be152310319c36aad32409bc6a7a379f127054

SHA256
884773ff0a2beacf5c080bac5f5bdc33dfe0eb9b45bd260b82fa10ab039e2689

SHA512
22c3725560e2bb230d50b101342ccc5bbb9abb0d62e2f9e18e86bad643ea01a925e1c206ae36d380fd0f01b85ffe150b1936618cbd8cb01e27b66646fa902bca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe

Filesize
184KB

MD5
e54855298b19938a4469c68021b38ed2

SHA1
13fe65b1d0a7acb63effb885f3b05b81c7c01169

SHA256
173932e69a506fb9ec670e3a438e001590398100d660bf9ebe71d871c36ce78d

SHA512
dcb0f1d35f5a1a3e4e0c98226ca06f8420ead3ad3821b62cbdcae8f2ba35826b4d34d2fa68d5e8042398b7c2e088816afc6b058fff7b70b459990f840ebd426b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21838.exe

Filesize
184KB

MD5
d38ed4b31a6611e7e436ad65580e5ea4

SHA1
0861dd4f1b8c01e763fbe7152318bd4169d95428

SHA256
71dd19351e9a82841b0ffc453d9447637a0f47d732b150563e3981cb6dd1ad22

SHA512
5a26e72925c10ece8be223556a944abb3585bb8b1d880781a5a45e13e4fb1a38275adc0969b4dc2b5abc2afe6a7b430cc23eff4d883bc841e31c11b3b50303ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21912.exe

Filesize
184KB

MD5
7c344dd536a757997e665d58f365ebf2

SHA1
84b0524901ead96537e07c3276f6c9feb16b84b0

SHA256
3ea9868299cc38d05d4462ef10a9a89bb23537a8adb18200e8c3a84020e3330f

SHA512
3bf98d7ae9a09e368417d4b7261569f0e9f6e1ec367e6876e75261fe0e81e727923badb86f5d0940d97b606c4b260dd35cf8cc9452212f0acb8b4deaf19f4bde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24151.exe

Filesize
184KB

MD5
6ba30e7ed2dd8575d601e58c60077591

SHA1
e0e34f305c787f5c32e25c0a89487389953954d9

SHA256
1d42abbc25f5ef2d51d996c280bda7ef8f9a5da7c2d034e31f80a6d84268c286

SHA512
b322769154b4ec5c0a6160cd930433f1659394ebaa00eee69861cc02e86f126280999765a1667cd2d580475e239eb0d8ecc617e27cba17f0466a345a5f1eb266

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24478.exe

Filesize
184KB

MD5
769d3fbad3cdfd0f706731e466fa643d

SHA1
13f4263a4e484f39465efaa9945a0c6c391c52ec

SHA256
bc74467bb629d75f196d22c93f9e9d50a9571f63f452b7652dc83484c4e362f5

SHA512
cde2bb66da388d08a8198209cfb025537f19ae0706f3b357dbe92fa1a858fd1c78c6938d3a816849e86abdf08e0292b3ed5282eb2b8fe4f30c1c9bfec3797ef1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25014.exe

Filesize
184KB

MD5
e3016644945efd02f6f0ccf94f14aa8c

SHA1
c142d9dd69b090677b8a92363985888ed2a2b4f7

SHA256
dc4d67aec04badb87c763ba70c6cd232f6ce3bd56d7830e4b9317eb82ce5559f

SHA512
01354fd2cc8c3a464810e470851b936d41135f0036c964758b4bc98300eae2cee4053c1ef3630fc286e05eedbe348e5bd5efc987971a29dc6df339281055ed11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25041.exe

Filesize
184KB

MD5
52662f6ee063ee2a43f73fd024fd36f4

SHA1
c32494638453e9ebaa9eb72d1f220e3dabe6467e

SHA256
edc2c027f3c146bfa246233bbabf76ccfe354266cebd45e9eafc5448d83fb960

SHA512
77a3f41a531c53e9cd508878b8254869f58acdb1ed0d0a3be24f95d80370dfb17780178f1c80385100d86e73d51bc4813b1456221fa27fcebc787bbf03eefb96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25233.exe

Filesize
184KB

MD5
ede9e2c2baa0766972f42834b2e352c4

SHA1
4d851931d59afcdb8e480d20d55846886d7f87ea

SHA256
6b7dd8564faffb21c05d25e6822542cc79ec8c5e4e66473a568decd5da997670

SHA512
5ec70db8db2d5d83a5a92fc84c2a7c8d02923f77f3199b69137877be5d0c9399f29bca3ef00af27e7ab120d5a86bd55e9a1858c9a4c650bbc9485e806aea87ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe

Filesize
184KB

MD5
74059d6d51e125d9fb294547975010a7

SHA1
86dfae4765994ffdc6db39e407c8dfc9e4b6da3a

SHA256
6a1af2ef7445153a0aa19aacde3ef8fd679b42a49ab7dce754b2cf4267decb65

SHA512
b0a399c223655bfe8800792f1ed9bbb0d4be8a88c396b017cbb487c0ef3ef0772468c08bbd46dbf86d726ec29e1228c732e7483c455dd36c180cb67308f8b9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26633.exe

Filesize
184KB

MD5
9328b31e93f17a507ed8b72c04c454fb

SHA1
31eade73a7cf66fd771c962ab582486fd98bcea7

SHA256
10f4402c483b9bd7f7e8f352efa866f5f7d15844954bdbee26edd7433da5a4ea

SHA512
aff3737eb9a72265e108125cbc4aa0934528f16d030e7bfe7de3667dbc98f7f3a034c4fd2adce6fe0584d717222dfb72062a7f5e59b4dc0d58b9ba0f4d095d1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe

Filesize
184KB

MD5
284024413c318e51301928f699c42317

SHA1
ebbbe55a6a981b345a68417107aa5d4b2d13a707

SHA256
ea450150747c31092d1d72232fde6dbc134f9364c006534e02e45c0b4b6bb91d

SHA512
c2022dbeb2414cf2a7bcda13864d830e4f541efe73e6445a845cb31d7bb965aa1cd95060bb393672a88fb62facd5b60f209b8fdb0ebaa604bf3a3bd52f660b0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2766.exe

Filesize
184KB

MD5
36d19f5425a054b0397b0effe7e5647d

SHA1
824d47a5435bf1fd8151beef830fee4902a8d14d

SHA256
6a5d8bf0d2f9e508a6b9f3e7fc172403a3bb48b1470b83556118be26cb628bd6

SHA512
a01482b89f09632c3d91565d2f7890168e27826e81452d9b0acf6e95bf4a7a6d3d501c92f56845c96e8dfbc9ed32e1a83fc22d099b8ba88c2ab36e428e3233e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe

Filesize
184KB

MD5
85c96d85d6159a05d75aa4a1c63fa839

SHA1
3e9e68dd1a039c5a8b22b6ab0ea8fe59b8bce3dc

SHA256
9e959393440cb65fd36b339369b0f6f34938544c013d09274e98cf24207147a3

SHA512
95921f61804e332acb3c986759a50efef7fed656451e1ba8f42fed5ae84175050ca6cca9ee33d33471a40c785c06a0964a8bf623898097fdfb9ba7709e26d665

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe

Filesize
184KB

MD5
f80d29031467e0a3137bf057ff51666f

SHA1
dd6d57e225b52bbd138f1da949e878ef7da855e3

SHA256
3dca99090fb3a914c87cfd8e9da19147cbd31c47ed4a3fa1ea36eeeb54fd130a

SHA512
686664efab7a8f1f580a836c230189648280c90bffb9050c29a0d983637273427f36f999862a25f25824edd0944fdd212186270bb5f2fab3e2f664e8dcd2c652

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe

Filesize
184KB

MD5
9d173558a2f7e040ef4337afa2daf711

SHA1
21cf43184a142053a565fe2469fe660b0ee65cca

SHA256
6237d53d5e24ccc50b9deed1b54aa870313797ab6bf42fe9faa52403f10dbe9b

SHA512
8857fc56e13d498fa83393132baf626df133131b6ffb8e6fec2a051b2d3698f4148828f49b27f0e80d27d1115520e7847ffbfd7f5724f36182dc84e966e52afb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe

Filesize
184KB

MD5
cb2e912eed8a4fdd23694cbe103be34b

SHA1
390aa5a01527e58ac5d1d6a6b9b6c0bd17bcf142

SHA256
627a6c631c35b47358704933f6385dc786acb81fdad242d3909cbffd33655e04

SHA512
9d6e5bd340ad8dd8b294a35bb8b41c387a75bb29f3a35808e46d332b5f99f7e10ca6b71fdb73c2037c955957e12e6c7d50d3ae0b21254a0aff424d945650f22a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe

Filesize
184KB

MD5
6c909e9fafb84cb6ad2330c851a799de

SHA1
2fad6045d9cec8bbda327fdd6a64ae4a90db36ba

SHA256
c8e6175b798815b3d7fb2b223c35899b7acd033cbd2911d8327153def31ff3d3

SHA512
7e71c564d398384a08eedefce7374524fd7cf590a7074c1231eae7700518130269db61d18bf7f3f78ff9508f98e2a771f8c01fbad7c97523f8f6327878eb50be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe

Filesize
184KB

MD5
40c7395455d5521dafcb4cff0d61447f

SHA1
1f21bb0832656a862885b8f922fb173fa919ad76

SHA256
a3edbe29c77cd900325c1420344750e5eb36a1a9a7e29051d32245c68f88c379

SHA512
e99eee450e7244b8bdf709c3f600c21af504bd603b0d033f1545dfcc0bb2a4dd4a5af019a71ae790ee6ee6b11ae9817ef06ddb81d48aa1b354631716685ba372

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49457.exe

Filesize
184KB

MD5
5e381a7a74e970016137fca0f369db9d

SHA1
97ca3f862481381a33a49f9959d92fed4701a8b2

SHA256
d0355d3e15d60c12ccb429f9550626af9296a7d8fde1789f86f8fb53a83a9cd2

SHA512
504ead9881ddd353089bf8f4af35e169dd0ccc02a9e6ff9594d2ecddb67db40927f04238922abd98dc21b93751a6d30fd5dfd7a66bf2a27846519a63673123c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe

Filesize
184KB

MD5
e43609d2b49aa43d11f97118191c21f8

SHA1
366b9d884e7fa4682d354d74b0b45cf75efc31c6

SHA256
71b9627e512a85e086cd47fd205b838905ffaf525aa0c442fe6977d5d31c4fa8

SHA512
80780d4ee0c20705c6c5328eb886dd6479492e2d2f087297cfa6cd4fb2458d72483cbbed5ffacfbf232da9b6745ea89692566ffb41e2f17bd9cd32e153f2712d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54376.exe

Filesize
184KB

MD5
0e4c2c5b2a5bd15d13467144d84cfe62

SHA1
56508a5f8a2c43819e8b3a449fba6469a3f0e753

SHA256
107896b3d0c1b872f835103e0662ea5c66139dec869b7b12c1ac7ab45cdd7be1

SHA512
5be0d920ed05076878f53629638ead0eefbdd35ddddbd4d1f7689b43ad2fab847b064397a755fc50e372a28c0e6e4a53187d54136430ab73cc345da8de2e29a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe

Filesize
184KB

MD5
788b8455fa6d4cfafacbd53e58c22dca

SHA1
a2d17c5835f7510cd75050e1626313f92c4448a5

SHA256
b9deb0d351cf10c8f7f3da7a64a64775bd34ae5e54b0dc817ce27cfea8d76cf4

SHA512
b06ba01c406d53585aa381fc6a156b6a163fd702168d31cf056d208472b2dd4537ef94de9d1099de80a0853816d9eba097523f1c8f41e2fe99c7795ffb8e7fae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55169.exe

Filesize
184KB

MD5
3e3d9eb397c50dc580eeb8833bbdfc4d

SHA1
381815b3374c460e63c7766b39f3e8199622be76

SHA256
c432811f4d182b2c03575bfdbf4e209ed87b1d980ef81f08629f91e8251935b3

SHA512
2f785c63d478e30427ceafbc7eeee5bd68086f9edf8521a5286c9eca0e6cc24fcd19e5489cdf827a345323b3a4182de3fdf52e4102b3e8d1d08df2240d06667b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe

Filesize
184KB

MD5
238bb4ffa0b947007779caa142e04346

SHA1
494168af1070ac44a45e17711dd2fb148fa23d3c

SHA256
29c7277d265c8732a8d32876ef7c7566c61b97b8437eca3463b9fe4669642bd5

SHA512
bda6a131608ed2bb035bab55d51540015a8e204c2308dec7ea846980df38a494e8a62e16e68b4344a03f3edc4699d110ab509b21ab9518ce988518f3a5889069

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe

Filesize
184KB

MD5
76b6e46fd59d43610fa6bf28830358bd

SHA1
a965f6c2924d3e7cb6581097440e358cf82acca5

SHA256
f46e870f15b260119e4d4dacc247287b3367ec15d13aa80c042e847218709de6

SHA512
2449c24be9b506e207dcaa9d53c6dccc8cb46fdc4036a388170c0df26071b7a6f44c7ff6868b92e4c3d4e99b0f42ed8007c5ff17cd695d0827f3fe4a530ff214

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62648.exe

Filesize
184KB

MD5
f84fd487f40243cb1eb72251df12e1ba

SHA1
acd9e43b72fd3e8f0e2b5a1df038155c7a4dc242

SHA256
beb0fa26291d84e63ad2a20a12c359ad17cbe9cf1e7e06b1e752a761c25ea13d

SHA512
7879788bead3fe64a4f5365cbcbf9459e83abe87f51a6fc1ac1022928623a4d8f6c57755311071a76c618aa0a87bae3ed2a8383f1ce1b22ab916b140b23cae7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exe

Filesize
184KB

MD5
b2915df8f8e48765e56f6a8e909dc68f

SHA1
4341d5d0bdfe45df46197914a4133ab8181d3e45

SHA256
9ef8a7fd6eab63f53ba09dc17c26691123354502cf64af2b7a7cf07495a6073e

SHA512
914f43b83274790e6b08da01614f16c9fef93163263b4d4c21dd610bf35555b630f5902d0a9ddf0205cb494044aac51116cbefc97a6eb3889ce628480b60d43c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7391.exe

Filesize
184KB

MD5
cc9f1f58eb102db4163fedce44f0b5c3

SHA1
38c164b3772b5aa5b71a349f1c94724ffa6ada09

SHA256
ae64be27223a212dd8b450c8ed2ed566963e69c2dbc75475f69b3f398355042c

SHA512
c4c012e7732f329ede0ac1b8f7df704f49a9af56b3f9a55d9263160a39774e84321e76549067da759c9bedd6ac66823e6a7e00ae4a4b07680e5ccf9c63dff425

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe

Filesize
184KB

MD5
84df30b927f2f911b2e065d7352c11ef

SHA1
40af8a328d5d6c81cb20aa4721941735438d76b5

SHA256
ebd96abb225c0fc5fa853ec8eb65943d103fb043e6753fd1e11a1c4a6fb2862b

SHA512
300b0221858e6b76381303fd15895f262b526da9e19452c90e8e75df8d8b37d96ac82cfd6f73e50bae13fd203997fa9d1183c8c57217b41169bd0b4ce1e31458

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9280.exe

Filesize
184KB

MD5
2cf94f6407abe4e5a6efac6715d3a8c1

SHA1
e30fbe3fbc6d0bfc8b1b56fb8b1b5612b509f0d0

SHA256
5052786ff1b148badb8975fbe8b3e2c3a47ef6556d72cdf2a6a936ccb70978fa

SHA512
cd3fe5972b13b6e53121e9769d38b6cb5d78ad38b3114e707b53f8b62e424fd98ddf40ddc308e5434835b9bd4cdec54ab32264e755789c3d65e940c849f23dd0

Download Submit
memory/2104-3674-0x00007FFF0C170000-0x00007FFF0C365000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads