d18cf61774b6b3629ca1d7ea59e467c1feea6ac80c1e7bddf89eea8faec71e1d

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1483de827597ebe6e3f849fbb9a560e0_NeikiAnalytics.exe
Size

184KB
MD5

1483de827597ebe6e3f849fbb9a560e0
SHA1

4da172936369997fcc5b0eac2894eb337aacc8f3
SHA256

d18cf61774b6b3629ca1d7ea59e467c1feea6ac80c1e7bddf89eea8faec71e1d
SHA512

41e51522c56448b5759a4774a7dc8af147e34aa2d39861df4536ba63ae5bfe8e0ae5c4dfbd0397ea51de460f1832e68e1a476c888bed90dacfb90f658c7be138
SSDEEP

3072:deh/+MoUp0N+3dKwTCwJzfaSylvVqnviuS:dejo8tKwhzCSyldqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2724	Unicorn-43954.exe
1060	Unicorn-913.exe
4840	Unicorn-22080.exe
1924	Unicorn-56310.exe
1976	Unicorn-44613.exe
1244	Unicorn-3025.exe
4984	Unicorn-37928.exe
1872	Unicorn-65171.exe
4432	Unicorn-53474.exe
4908	Unicorn-48451.exe
1392	Unicorn-28031.exe
4236	Unicorn-8165.exe
1348	Unicorn-5564.exe
4536	Unicorn-11429.exe
628	Unicorn-10469.exe
4844	Unicorn-29951.exe
1796	Unicorn-59286.exe
852	Unicorn-62815.exe
1284	Unicorn-3400.exe
1324	Unicorn-47631.exe
3624	Unicorn-11429.exe
1896	Unicorn-14958.exe
1612	Unicorn-12912.exe
2072	Unicorn-27211.exe
1352	Unicorn-52462.exe
816	Unicorn-6790.exe
1696	Unicorn-10609.exe
4112	Unicorn-64159.exe
792	Unicorn-1944.exe
1512	Unicorn-65503.exe
1196	Unicorn-6088.exe
856	Unicorn-45659.exe
4928	Unicorn-29685.exe
3416	Unicorn-20963.exe
1588	Unicorn-8445.exe
1320	Unicorn-33023.exe
440	Unicorn-16687.exe
3928	Unicorn-18724.exe
3068	Unicorn-50106.exe
2904	Unicorn-5742.exe
1152	Unicorn-39161.exe
632	Unicorn-21887.exe
4492	Unicorn-64957.exe
3520	Unicorn-42115.exe
116	Unicorn-9997.exe
4944	Unicorn-33947.exe
396	Unicorn-59198.exe
3168	Unicorn-54559.exe
4884	Unicorn-62727.exe
5088	Unicorn-13526.exe
3012	Unicorn-41161.exe
2512	Unicorn-56597.exe
3976	Unicorn-21503.exe
4700	Unicorn-62727.exe
4424	Unicorn-8289.exe
1912	Unicorn-50838.exe
3404	Unicorn-49826.exe
388	Unicorn-1637.exe
4344	Unicorn-25587.exe
2168	Unicorn-43629.exe
5032	Unicorn-42426.exe
2544	Unicorn-39567.exe
5072	Unicorn-23785.exe
2184	Unicorn-10978.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
3700	1196	WerFault.exe	125
1412	1512	WerFault.exe	124
6952	5476	WerFault.exe
10864	9388	WerFault.exe	449
6020	16616	WerFault.exe	827
18092	6396	WerFault.exe	966

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	10072	Process not Found
Token: SeChangeNotifyPrivilege	10072	Process not Found
Token: 33	10072	Process not Found
Token: SeIncBasePriorityPrivilege	10072	Process not Found
Token: SeCreateGlobalPrivilege	14692	Process not Found
Token: SeChangeNotifyPrivilege	14692	Process not Found
Token: 33	14692	Process not Found
Token: SeIncBasePriorityPrivilege	14692	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1700	1483de827597ebe6e3f849fbb9a560e0_NeikiAnalytics.exe
2724	Unicorn-43954.exe
1060	Unicorn-913.exe
4840	Unicorn-22080.exe
1924	Unicorn-56310.exe
1976	Unicorn-44613.exe
1244	Unicorn-3025.exe
4984	Unicorn-37928.exe
1872	Unicorn-65171.exe
4432	Unicorn-53474.exe
4908	Unicorn-48451.exe
4236	Unicorn-8165.exe
4536	Unicorn-11429.exe
1392	Unicorn-28031.exe
1348	Unicorn-5564.exe
628	Unicorn-10469.exe
4844	Unicorn-29951.exe
1796	Unicorn-59286.exe
852	Unicorn-62815.exe
1324	Unicorn-47631.exe
1284	Unicorn-3400.exe
3624	Unicorn-11429.exe
1612	Unicorn-12912.exe
2072	Unicorn-27211.exe
1896	Unicorn-14958.exe
1352	Unicorn-52462.exe
1696	Unicorn-10609.exe
792	Unicorn-1944.exe
816	Unicorn-6790.exe
4112	Unicorn-64159.exe
1512	Unicorn-65503.exe
1196	Unicorn-6088.exe
856	Unicorn-45659.exe
4928	Unicorn-29685.exe
3416	Unicorn-20963.exe
1588	Unicorn-8445.exe
1320	Unicorn-33023.exe
440	Unicorn-16687.exe
3928	Unicorn-18724.exe
3068	Unicorn-50106.exe
2904	Unicorn-5742.exe
1152	Unicorn-39161.exe
632	Unicorn-21887.exe
4492	Unicorn-64957.exe
3520	Unicorn-42115.exe
116	Unicorn-9997.exe
396	Unicorn-59198.exe
5088	Unicorn-13526.exe
3168	Unicorn-54559.exe
4700	Unicorn-62727.exe
1912	Unicorn-50838.exe
3976	Unicorn-21503.exe
4344	Unicorn-25587.exe
4884	Unicorn-62727.exe
4424	Unicorn-8289.exe
3012	Unicorn-41161.exe
2512	Unicorn-56597.exe
3404	Unicorn-49826.exe
388	Unicorn-1637.exe
4944	Unicorn-33947.exe
2168	Unicorn-43629.exe
5032	Unicorn-42426.exe
2544	Unicorn-39567.exe
5072	Unicorn-23785.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2724	1700	1483de827597ebe6e3f849fbb9a560e0_NeikiAnalytics.exe	92
PID 1700 wrote to memory of 2724	1700	1483de827597ebe6e3f849fbb9a560e0_NeikiAnalytics.exe	92
PID 1700 wrote to memory of 2724	1700	1483de827597ebe6e3f849fbb9a560e0_NeikiAnalytics.exe	92
PID 2724 wrote to memory of 1060	2724	Unicorn-43954.exe	94
PID 2724 wrote to memory of 1060	2724	Unicorn-43954.exe	94
PID 2724 wrote to memory of 1060	2724	Unicorn-43954.exe	94
PID 1700 wrote to memory of 4840	1700	1483de827597ebe6e3f849fbb9a560e0_NeikiAnalytics.exe	95
PID 1700 wrote to memory of 4840	1700	1483de827597ebe6e3f849fbb9a560e0_NeikiAnalytics.exe	95
PID 1700 wrote to memory of 4840	1700	1483de827597ebe6e3f849fbb9a560e0_NeikiAnalytics.exe	95
PID 1060 wrote to memory of 1924	1060	Unicorn-913.exe	98
PID 1060 wrote to memory of 1924	1060	Unicorn-913.exe	98
PID 1060 wrote to memory of 1924	1060	Unicorn-913.exe	98
PID 2724 wrote to memory of 1976	2724	Unicorn-43954.exe	99
PID 2724 wrote to memory of 1976	2724	Unicorn-43954.exe	99
PID 2724 wrote to memory of 1976	2724	Unicorn-43954.exe	99
PID 4840 wrote to memory of 1244	4840	Unicorn-22080.exe	100
PID 4840 wrote to memory of 1244	4840	Unicorn-22080.exe	100
PID 4840 wrote to memory of 1244	4840	Unicorn-22080.exe	100
PID 1700 wrote to memory of 4984	1700	1483de827597ebe6e3f849fbb9a560e0_NeikiAnalytics.exe	101
PID 1700 wrote to memory of 4984	1700	1483de827597ebe6e3f849fbb9a560e0_NeikiAnalytics.exe	101
PID 1700 wrote to memory of 4984	1700	1483de827597ebe6e3f849fbb9a560e0_NeikiAnalytics.exe	101
PID 1924 wrote to memory of 1872	1924	Unicorn-56310.exe	102
PID 1924 wrote to memory of 1872	1924	Unicorn-56310.exe	102
PID 1924 wrote to memory of 1872	1924	Unicorn-56310.exe	102
PID 1060 wrote to memory of 4432	1060	Unicorn-913.exe	103
PID 1060 wrote to memory of 4432	1060	Unicorn-913.exe	103
PID 1060 wrote to memory of 4432	1060	Unicorn-913.exe	103
PID 1244 wrote to memory of 4908	1244	Unicorn-3025.exe	104
PID 1244 wrote to memory of 4908	1244	Unicorn-3025.exe	104
PID 1244 wrote to memory of 4908	1244	Unicorn-3025.exe	104
PID 4984 wrote to memory of 1392	4984	Unicorn-37928.exe	106
PID 4984 wrote to memory of 1392	4984	Unicorn-37928.exe	106
PID 4984 wrote to memory of 1392	4984	Unicorn-37928.exe	106
PID 4840 wrote to memory of 4236	4840	Unicorn-22080.exe	105
PID 4840 wrote to memory of 4236	4840	Unicorn-22080.exe	105
PID 4840 wrote to memory of 4236	4840	Unicorn-22080.exe	105
PID 2724 wrote to memory of 1348	2724	Unicorn-43954.exe	107
PID 2724 wrote to memory of 1348	2724	Unicorn-43954.exe	107
PID 2724 wrote to memory of 1348	2724	Unicorn-43954.exe	107
PID 1700 wrote to memory of 4536	1700	1483de827597ebe6e3f849fbb9a560e0_NeikiAnalytics.exe	108
PID 1700 wrote to memory of 4536	1700	1483de827597ebe6e3f849fbb9a560e0_NeikiAnalytics.exe	108
PID 1700 wrote to memory of 4536	1700	1483de827597ebe6e3f849fbb9a560e0_NeikiAnalytics.exe	108
PID 1976 wrote to memory of 628	1976	Unicorn-44613.exe	109
PID 1976 wrote to memory of 628	1976	Unicorn-44613.exe	109
PID 1976 wrote to memory of 628	1976	Unicorn-44613.exe	109
PID 1872 wrote to memory of 4844	1872	Unicorn-65171.exe	110
PID 1872 wrote to memory of 4844	1872	Unicorn-65171.exe	110
PID 1872 wrote to memory of 4844	1872	Unicorn-65171.exe	110
PID 1924 wrote to memory of 1796	1924	Unicorn-56310.exe	111
PID 1924 wrote to memory of 1796	1924	Unicorn-56310.exe	111
PID 1924 wrote to memory of 1796	1924	Unicorn-56310.exe	111
PID 4432 wrote to memory of 852	4432	Unicorn-53474.exe	112
PID 4432 wrote to memory of 852	4432	Unicorn-53474.exe	112
PID 4432 wrote to memory of 852	4432	Unicorn-53474.exe	112
PID 1060 wrote to memory of 1284	1060	Unicorn-913.exe	113
PID 1060 wrote to memory of 1284	1060	Unicorn-913.exe	113
PID 1060 wrote to memory of 1284	1060	Unicorn-913.exe	113
PID 4908 wrote to memory of 1324	4908	Unicorn-48451.exe	114
PID 4908 wrote to memory of 1324	4908	Unicorn-48451.exe	114
PID 4908 wrote to memory of 1324	4908	Unicorn-48451.exe	114
PID 1244 wrote to memory of 3624	1244	Unicorn-3025.exe	115
PID 1244 wrote to memory of 3624	1244	Unicorn-3025.exe	115
PID 1244 wrote to memory of 3624	1244	Unicorn-3025.exe	115
PID 4236 wrote to memory of 1896	4236	Unicorn-8165.exe	116

C:\Users\Admin\AppData\Local\Temp\1483de827597ebe6e3f849fbb9a560e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1483de827597ebe6e3f849fbb9a560e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56310.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29951.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        9⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        10⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
        10⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
        10⤵
        
        PID:15568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21209.exe
        10⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        9⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        9⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25598.exe
        9⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
        9⤵
        
        PID:16676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        8⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14346.exe
        9⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        9⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48602.exe
        9⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        9⤵
        
        PID:17332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57058.exe
        9⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38725.exe
        8⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe
        9⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
        9⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50994.exe
        8⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
        8⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
        8⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
        8⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58975.exe
        8⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53127.exe
        9⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31689.exe
        9⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36070.exe
        9⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
        9⤵
        
        PID:18216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        9⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59302.exe
        8⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18180.exe
        8⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        8⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12368.exe
        8⤵
        
        PID:17036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12133.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        8⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        7⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        8⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
        8⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33652.exe
        8⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2849.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45166.exe
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
        8⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
        8⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
        8⤵
        
        PID:17148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57370.exe
        8⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2640.exe
        7⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        7⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        7⤵
        
        PID:16224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        7⤵
        
        PID:17600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        7⤵
        Executes dropped EXE
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        9⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        9⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28284.exe
        9⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        9⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18772.exe
        9⤵
        
        PID:18144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12160.exe
        8⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
        8⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44117.exe
        8⤵
        
        PID:12776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        8⤵
        
        PID:18008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
        8⤵
        
        PID:18168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exe
        8⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        8⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22996.exe
        8⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
        8⤵
        
        PID:17904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        8⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe
        7⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
        7⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
        7⤵
        
        PID:15092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
        7⤵
        
        PID:17504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        7⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13016.exe
        6⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9774.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        8⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        8⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        8⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        8⤵
        
        PID:16912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
        8⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
        8⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
        7⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53994.exe
        7⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        7⤵
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        7⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        7⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        7⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        7⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49625.exe
        6⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47011.exe
        6⤵
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
        6⤵
        
        PID:17536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
        6⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33023.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7662.exe
        7⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
        9⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
        9⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        9⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        9⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        9⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38689.exe
        8⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
        8⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        8⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
        8⤵
        
        PID:17516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        8⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        8⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        8⤵
        
        PID:14528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe
        7⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
        7⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26252.exe
        7⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20145.exe
        7⤵
        
        PID:17468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49250.exe
        6⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31539.exe
        7⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        8⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
        8⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        8⤵
        
        PID:16096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
        8⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        7⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
        7⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53994.exe
        7⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        7⤵
        
        PID:17020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26163.exe
        7⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62165.exe
        6⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15721.exe
        7⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28844.exe
        7⤵
        
        PID:12828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        7⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
        7⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13365.exe
        6⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        6⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12898.exe
        6⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18724.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        6⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55047.exe
        8⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21549.exe
        8⤵
        
        PID:12368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        8⤵
        
        PID:16288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31470.exe
        8⤵
        
        PID:18184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24105.exe
        8⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42441.exe
        7⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34710.exe
        7⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
        7⤵
        
        PID:14548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        7⤵
        
        PID:17544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20573.exe
        6⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
        7⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-500.exe
        7⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29874.exe
        7⤵
        
        PID:14452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        7⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
        6⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38654.exe
        6⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
        6⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
        6⤵
        
        PID:18192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        6⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        6⤵
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20609.exe
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
        7⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
        7⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        7⤵
        
        PID:16104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
        7⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        7⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        6⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
        6⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20065.exe
        6⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        6⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        6⤵
        
        PID:17752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53895.exe
        6⤵
        
        PID:18424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20024.exe
        5⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
        6⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        6⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
        6⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58362.exe
        5⤵
        
        PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        5⤵
        
        PID:11544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54068.exe
        5⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
        5⤵
        
        PID:17824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53474.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16687.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
        8⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        9⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        9⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        9⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        9⤵
        
        PID:17324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        9⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe
        8⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
        8⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        8⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57101.exe
        8⤵
        
        PID:17692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24193.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27959.exe
        8⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4045.exe
        7⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
        8⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64746.exe
        8⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28092.exe
        8⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        8⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24604.exe
        7⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        7⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54457.exe
        7⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        7⤵
        
        PID:17756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        7⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
        8⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3921.exe
        8⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        8⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10109.exe
        8⤵
        
        PID:17800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
        8⤵
        
        PID:17784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        7⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26926.exe
        7⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        7⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10109.exe
        7⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38047.exe
        7⤵
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35845.exe
        6⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        7⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        7⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        7⤵
        
        PID:14272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        7⤵
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18025.exe
        6⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7980.exe
        6⤵
        
        PID:11512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58534.exe
        6⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21798.exe
        6⤵
        
        PID:17792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
        6⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
        7⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61850.exe
        7⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37528.exe
        7⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        7⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
        7⤵
        
        PID:18176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61301.exe
        7⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        7⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24080.exe
        6⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
        6⤵
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39849.exe
        6⤵
        
        PID:16560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
        6⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45291.exe
        6⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
        7⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        7⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28284.exe
        7⤵
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        7⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        6⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18197.exe
        6⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        6⤵
        
        PID:17772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
        6⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        5⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        6⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        6⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        6⤵
        
        PID:14560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        6⤵
        
        PID:17376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21134.exe
        6⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
        5⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
        5⤵
        
        PID:14088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24772.exe
        5⤵
        
        PID:17992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20963.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55903.exe
        6⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1606.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34923.exe
        9⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1425.exe
        9⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        9⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        9⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40137.exe
        8⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26890.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39089.exe
        8⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25860.exe
        7⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
        7⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60853.exe
        7⤵
        
        PID:14640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        6⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
        8⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40921.exe
        8⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45913.exe
        8⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47754.exe
        8⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
        7⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
        7⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26890.exe
        7⤵
        
        PID:14808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39089.exe
        7⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
        6⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11113.exe
        6⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
        6⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
        6⤵
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59805.exe
        6⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        5⤵
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1606.exe
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
        7⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
        8⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        8⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        8⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
        8⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32225.exe
        8⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        7⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
        7⤵
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
        7⤵
        
        PID:16616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16616 -s 464
        8⤵
        Program crash
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
        6⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
        6⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45094.exe
        6⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44465.exe
        6⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57058.exe
        6⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53997.exe
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        7⤵
        
        PID:16272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40137.exe
        6⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50958.exe
        6⤵
        
        PID:14096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64693.exe
        6⤵
        
        PID:17200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
        5⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
        6⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
        6⤵
        
        PID:16228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45973.exe
        6⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
        6⤵
        
        PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        5⤵
        
        PID:9616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29457.exe
        5⤵
        
        PID:13484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
        5⤵
        
        PID:16608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23165.exe
        5⤵
        
        PID:8644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32551.exe
        5⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        6⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
        7⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64345.exe
        7⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32074.exe
        7⤵
        
        PID:12592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14532.exe
        7⤵
        
        PID:16520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
        6⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29944.exe
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        6⤵
        
        PID:12260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60853.exe
        6⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
        6⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1558.exe
        7⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44331.exe
        7⤵
        
        PID:17488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
        6⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39665.exe
        6⤵
        
        PID:11628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3981.exe
        6⤵
        
        PID:15736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
        6⤵
        
        PID:9420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        5⤵
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        5⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
        5⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39849.exe
        5⤵
        
        PID:16636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
      4⤵
      PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        5⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        6⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        6⤵
        
        PID:11096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        6⤵
        
        PID:368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        6⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
        6⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59302.exe
        5⤵
        
        PID:8508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        5⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
        5⤵
        
        PID:14700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
        5⤵
        
        PID:16500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        5⤵
        
        PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32074.exe
        5⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14532.exe
        5⤵
        
        PID:16452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
        5⤵
        
        PID:1216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
      4⤵
      PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
      4⤵
      PID:9372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
      4⤵
      PID:11520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
      4⤵
      PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65503.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 720
        6⤵
        Program crash
        
        PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43629.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1798.exe
        6⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
        7⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14393.exe
        7⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        7⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        7⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29369.exe
        6⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
        6⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53994.exe
        6⤵
        
        PID:14724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        6⤵
        
        PID:17144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        6⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53997.exe
        5⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
        6⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
        6⤵
        
        PID:15308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        6⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        5⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
        5⤵
        
        PID:12008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29945.exe
        5⤵
        
        PID:15080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12706.exe
        5⤵
        
        PID:17480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6088.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1196
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 720
        5⤵
        Program crash
        
        PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
        5⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        7⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        7⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        7⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        7⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        6⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2421.exe
        6⤵
        
        PID:13140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        6⤵
        
        PID:15332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        6⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
        5⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15951.exe
        6⤵
        
        PID:12048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        6⤵
        
        PID:15124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14976.exe
        6⤵
        
        PID:17492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        6⤵
        
        PID:17952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        5⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28234.exe
        5⤵
        
        PID:13012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
        5⤵
        
        PID:15204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
        5⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        5⤵
        
        PID:7892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
      4⤵
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        5⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        5⤵
        
        PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
        5⤵
        
        PID:12680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        5⤵
        
        PID:17352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
      4⤵
      PID:7188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
      4⤵
      PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
      4⤵
      PID:11892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34709.exe
      4⤵
      PID:14604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
      4⤵
      PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
      4⤵
      PID:8784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5564.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33947.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        7⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        7⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
        7⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        7⤵
        
        PID:17368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
        7⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62898.exe
        6⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30102.exe
        6⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48349.exe
        6⤵
        
        PID:17132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        5⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2582.exe
        6⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31689.exe
        6⤵
        
        PID:11064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        6⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        6⤵
        
        PID:17236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        6⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        5⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35608.exe
        5⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        5⤵
        
        PID:15220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57631.exe
        5⤵
        
        PID:17676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        6⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24673.exe
        6⤵
        
        PID:12204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
        6⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
        6⤵
        
        PID:17988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
        5⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
        5⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59693.exe
        5⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        5⤵
        
        PID:17980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        5⤵
        
        PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52914.exe
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28128.exe
        5⤵
        
        PID:9284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50486.exe
        5⤵
        
        PID:14152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
        5⤵
        
        PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8217.exe
      4⤵
      PID:7564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18592.exe
      4⤵
      PID:10220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29649.exe
      4⤵
      PID:13412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
      4⤵
      PID:16648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        5⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
        6⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22928.exe
        6⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24482.exe
        6⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        6⤵
        
        PID:18296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-920.exe
        5⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33994.exe
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41821.exe
        5⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7125.exe
        5⤵
        
        PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        5⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16115.exe
        6⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44331.exe
        6⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe
        5⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
        5⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        5⤵
        
        PID:16580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51822.exe
        5⤵
        
        PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58124.exe
        5⤵
        
        PID:6988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18688.exe
      4⤵
      PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
      4⤵
      PID:10188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
      4⤵
      PID:13384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
      4⤵
      PID:16464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41161.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
      4⤵
      PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32235.exe
        5⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        5⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        5⤵
        
        PID:17632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
      4⤵
      PID:9760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
      4⤵
      PID:13244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31105.exe
      4⤵
      PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10994.exe
      4⤵
      PID:18120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25341.exe
    3⤵
    PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exe
      4⤵
      PID:7024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
      4⤵
      PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
      4⤵
      PID:14008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
      4⤵
      PID:464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
      4⤵
      PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18872.exe
      4⤵
      PID:8144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
    3⤵
    PID:7444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59147.exe
      4⤵
      PID:11296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47030.exe
      4⤵
      PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
      4⤵
      PID:16836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
      4⤵
      PID:7312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1484.exe
    3⤵
    PID:9384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
    3⤵
    PID:13476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34249.exe
    3⤵
    PID:16592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63794.exe
    3⤵
    PID:6192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
    3⤵
    PID:8668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22080.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22080.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48451.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5742.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
        7⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56775.exe
        8⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        9⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        9⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        9⤵
        
        PID:14540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        9⤵
        
        PID:16760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        9⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63962.exe
        8⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
        8⤵
        
        PID:13044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        8⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        8⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        8⤵
        
        PID:18280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19892.exe
        7⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30735.exe
        8⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48986.exe
        8⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
        8⤵
        
        PID:15228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        8⤵
        
        PID:17640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15840.exe
        8⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9665.exe
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        7⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
        7⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46303.exe
        7⤵
        
        PID:17964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24928.exe
        7⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        7⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        8⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60854.exe
        8⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        8⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        8⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
        7⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        7⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
        7⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
        7⤵
        
        PID:17952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        6⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
        7⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9348.exe
        7⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
        6⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        6⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        6⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39619.exe
        6⤵
        
        PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        6⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
        7⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
        8⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        8⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11128.exe
        8⤵
        
        PID:14896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        8⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        8⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3764.exe
        7⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43610.exe
        7⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55425.exe
        7⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20329.exe
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18935.exe
        7⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7489.exe
        7⤵
        
        PID:16680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
        6⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        6⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
        6⤵
        
        PID:17084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52269.exe
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        6⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
        7⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15953.exe
        7⤵
        
        PID:18200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45768.exe
        7⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59126.exe
        6⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        6⤵
        
        PID:14140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        5⤵
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        5⤵
        
        PID:10416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29369.exe
        5⤵
        
        PID:13572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
        5⤵
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        5⤵
        
        PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11429.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        6⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15861.exe
        7⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        8⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
        8⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60905.exe
        8⤵
        
        PID:15740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27142.exe
        8⤵
        
        PID:17664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        7⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        7⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        7⤵
        
        PID:16264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        7⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
        7⤵
        
        PID:16972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
        6⤵
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
        6⤵
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
        6⤵
        
        PID:14772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33319.exe
        6⤵
        
        PID:17160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61575.exe
        6⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        6⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
        6⤵
        
        PID:13168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        6⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22368.exe
        6⤵
        
        PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        5⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
        6⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
        6⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28602.exe
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
        5⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23845.exe
        5⤵
        
        PID:16976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20454.exe
        5⤵
        
        PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64957.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12898.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11658.exe
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        7⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40949.exe
        7⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28173.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        7⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        6⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50469.exe
        6⤵
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        6⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        6⤵
        
        PID:17804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50475.exe
        6⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
        6⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        6⤵
        
        PID:10972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        6⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63837.exe
        6⤵
        
        PID:18272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12160.exe
        5⤵
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        5⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        5⤵
        
        PID:15312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4733.exe
        5⤵
        
        PID:17780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
        5⤵
        
        PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
      4⤵
      PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48991.exe
        5⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
        6⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
        6⤵
        
        PID:10600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe
        6⤵
        
        PID:14104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        6⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        6⤵
        
        PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        5⤵
        
        PID:9664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        5⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        5⤵
        
        PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        5⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36256.exe
        5⤵
        
        PID:8008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42365.exe
      4⤵
      PID:7152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
      4⤵
      PID:12636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
      4⤵
      PID:16252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
      4⤵
      PID:17764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8165.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14958.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13282.exe
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        8⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60982.exe
        8⤵
        
        PID:17948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51238.exe
        7⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        7⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        7⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
        7⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        6⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
        6⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        6⤵
        
        PID:14124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
        6⤵
        
        PID:17704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28373.exe
        6⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        6⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        6⤵
        
        PID:17392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-80.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-80.exe
        6⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27613.exe
        6⤵
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        5⤵
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26786.exe
        5⤵
        
        PID:11700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        5⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        5⤵
        
        PID:17052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21451.exe
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        6⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
        6⤵
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34814.exe
        6⤵
        
        PID:14000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56717.exe
        6⤵
        
        PID:16876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16025.exe
        6⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42477.exe
        5⤵
        
        PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30102.exe
        5⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
        5⤵
        
        PID:13756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27929.exe
        5⤵
        
        PID:10124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61205.exe
      4⤵
      PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17227.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57050.exe
        5⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3868.exe
        5⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
        5⤵
        
        PID:16484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        5⤵
        
        PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
      4⤵
      PID:7596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
      4⤵
      PID:10296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
      4⤵
      PID:13540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4974.exe
      4⤵
      PID:16748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57885.exe
      4⤵
      PID:18128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exe
        6⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
        6⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        6⤵
        
        PID:18264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50200.exe
        6⤵
        
        PID:18108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        5⤵
        
        PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
        5⤵
        
        PID:11944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        5⤵
        
        PID:14372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
        5⤵
        
        PID:17720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
        5⤵
        
        PID:8428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
      4⤵
      PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exe
        5⤵
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54073.exe
        5⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19377.exe
        5⤵
        
        PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48045.exe
      4⤵
      PID:7216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
      4⤵
      PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
      4⤵
      PID:10848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
      4⤵
      PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18965.exe
      4⤵
      PID:6224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49826.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
      4⤵
      PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48939.exe
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11070.exe
        6⤵
        
        PID:17872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44331.exe
        6⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        5⤵
        
        PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
        5⤵
        
        PID:12864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        5⤵
        
        PID:17360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
      4⤵
      PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
      4⤵
      PID:10976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45094.exe
      4⤵
      PID:13648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
      4⤵
      PID:17100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
      4⤵
      PID:16688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2188.exe
    3⤵
    PID:5476
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 424
      4⤵
      Program crash
      PID:6952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
    3⤵
    PID:8308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2890.exe
    3⤵
    PID:11380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
    3⤵
    PID:14552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1025.exe
    3⤵
    PID:16844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34350.exe
    3⤵
    PID:6140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37928.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37928.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28031.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58015.exe
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
        7⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62853.exe
        7⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        7⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19914.exe
        7⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
        7⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
        6⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
        6⤵
        
        PID:10968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
        6⤵
        
        PID:16012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42836.exe
        6⤵
        
        PID:18252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
        6⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
        6⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        6⤵
        
        PID:12984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        6⤵
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30721.exe
        6⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        6⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
        6⤵
        
        PID:100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
        6⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        6⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
        5⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24228.exe
        5⤵
        
        PID:12664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
        5⤵
        
        PID:16244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        5⤵
        
        PID:18124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9997.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42551.exe
        6⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35011.exe
        7⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
        7⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        7⤵
        
        PID:16076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
        7⤵
        
        PID:18208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44861.exe
        7⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13137.exe
        6⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40713.exe
        6⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9401.exe
        6⤵
        
        PID:15752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45913.exe
        6⤵
        
        PID:17700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        6⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 276
        7⤵
        Program crash
        
        PID:18092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        6⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30102.exe
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
        5⤵
        
        PID:13328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23845.exe
        5⤵
        
        PID:16952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
        5⤵
        
        PID:588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
      4⤵
      PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        5⤵
        
        PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
        5⤵
        
        PID:10520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55042.exe
        5⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14532.exe
        5⤵
        
        PID:16492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
      4⤵
      PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23131.exe
        5⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
        5⤵
        
        PID:17848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2448.exe
      4⤵
      PID:9880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
      4⤵
      PID:13360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48939.exe
      4⤵
      PID:16432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27249.exe
      4⤵
      PID:8776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47360.exe
      4⤵
      PID:16520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
        7⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        7⤵
        
        PID:17176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
        6⤵
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56717.exe
        6⤵
        
        PID:16888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        6⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        5⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5286.exe
        6⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        6⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26460.exe
        6⤵
        
        PID:17112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
        5⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        5⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22992.exe
        5⤵
        
        PID:17812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        5⤵
        
        PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
        5⤵
        
        PID:7984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47470.exe
      4⤵
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        5⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56474.exe
        5⤵
        
        PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
        5⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26890.exe
        5⤵
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        5⤵
        
        PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22772.exe
      4⤵
      PID:7544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
      4⤵
      PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
      4⤵
      PID:13392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
      4⤵
      PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
      4⤵
      PID:18164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
      4⤵
      PID:18004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48970.exe
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
        5⤵
        
        PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
        5⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        5⤵
        
        PID:16144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
        5⤵
        
        PID:18304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
      4⤵
      PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
      4⤵
      PID:12360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19428.exe
      4⤵
      PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
      4⤵
      PID:5928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
    3⤵
    PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21939.exe
      4⤵
      PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
        5⤵
        
        PID:9048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
        5⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
        5⤵
        
        PID:16116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
        5⤵
        
        PID:18244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
        5⤵
        
        PID:9428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
      4⤵
      PID:8540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
      4⤵
      PID:13052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
      4⤵
      PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exe
      4⤵
      PID:17568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
    3⤵
    PID:6420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6525.exe
    3⤵
    PID:9388
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 468
      4⤵
      Program crash
      PID:10864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42719.exe
    3⤵
    PID:12868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37104.exe
    3⤵
    PID:15776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35913.exe
    3⤵
    PID:5368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
    3⤵
    PID:9440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11429.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11429.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64159.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        6⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7221.exe
        7⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
        7⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        7⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10344.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2421.exe
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42729.exe
        6⤵
        
        PID:15064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
        6⤵
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
        5⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64355.exe
        6⤵
        
        PID:17960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        6⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
        5⤵
        
        PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
        5⤵
        
        PID:13136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
        5⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
        5⤵
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
        5⤵
        
        PID:17984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        5⤵
        
        PID:9424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31901.exe
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        5⤵
        
        PID:11608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe
        5⤵
        
        PID:15348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        5⤵
        
        PID:17816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
        5⤵
        
        PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
      4⤵
      PID:8456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26786.exe
      4⤵
      PID:11792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
      4⤵
      PID:14820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
      4⤵
      PID:876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
      4⤵
      PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18872.exe
      4⤵
      PID:8176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1637.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        5⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55984.exe
        6⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36053.exe
        5⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
        5⤵
        
        PID:13032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
        5⤵
        
        PID:15132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22368.exe
        5⤵
        
        PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21481.exe
      4⤵
      PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
        5⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
        5⤵
        
        PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        5⤵
        
        PID:17856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
      4⤵
      PID:8204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54658.exe
      4⤵
      PID:13500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
      4⤵
      PID:16548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
      4⤵
      PID:18028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61205.exe
    3⤵
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
      4⤵
      PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9001.exe
      4⤵
      PID:11032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39229.exe
      4⤵
      PID:13348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
      4⤵
      PID:16928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe
    3⤵
    PID:7888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
    3⤵
    PID:10784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
    3⤵
    PID:14400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
    3⤵
    PID:17340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16028.exe
    3⤵
    PID:5372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
    3⤵
    PID:8040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
      4⤵
      PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46635.exe
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        6⤵
        
        PID:7948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        6⤵
        
        PID:10960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        6⤵
        
        PID:14512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4313.exe
        6⤵
        
        PID:17668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27397.exe
        5⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51814.exe
        5⤵
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        5⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14193.exe
        5⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        5⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
        5⤵
        
        PID:17600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
      4⤵
      PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4288.exe
      4⤵
      PID:9224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
      4⤵
      PID:13108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
      4⤵
      PID:15732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
      4⤵
      PID:17976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
      4⤵
      PID:6892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
    3⤵
    PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
      4⤵
      PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
      4⤵
      PID:10648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
      4⤵
      PID:14328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
      4⤵
      PID:18060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54666.exe
      4⤵
      PID:5924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14028.exe
    3⤵
    PID:6924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
    3⤵
    PID:9560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40949.exe
    3⤵
    PID:12488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
    3⤵
    PID:3224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
    3⤵
    PID:8572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
    3⤵
    PID:3412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
    3⤵
    PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49131.exe
      4⤵
      PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
        5⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
        5⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59901.exe
        5⤵
        
        PID:17648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
      4⤵
      PID:10624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20973.exe
      4⤵
      PID:13456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14532.exe
      4⤵
      PID:16412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29649.exe
    3⤵
    PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
      4⤵
      PID:11156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
      4⤵
      PID:1308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
      4⤵
      PID:16916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
    3⤵
    PID:9452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54658.exe
    3⤵
    PID:13492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60469.exe
    3⤵
    PID:16568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
  2⤵
  PID:5380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
    3⤵
    PID:7224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16209.exe
    3⤵
    PID:9512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39665.exe
    3⤵
    PID:11396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3981.exe
    3⤵
    PID:16092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6904.exe
    3⤵
    PID:6104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
    3⤵
    PID:17304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
  2⤵
  PID:6996
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59137.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59137.exe
  2⤵
  PID:10992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14293.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14293.exe
  2⤵
  PID:13892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27074.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27074.exe
  2⤵
  PID:17060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1512 -ip 1512
1⤵
PID:1004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1196 -ip 1196
1⤵
PID:2340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5476 -ip 5476
1⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 9388 -ip 9388
1⤵
PID:10780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe

Filesize
184KB

MD5
65cdd18baa521657928ecbe57fea2d75

SHA1
713d6979bd045bf6254f627069d849fb2c1c6550

SHA256
cb035893401b063bade5ea4d04a6392a68d008250e5c341f94fd9b7956fa21d0

SHA512
035ccfbdaaef475bf3f136f7b042d99e56dc8e43aceb751bf884f474aab28fd0dbf5fc5cc018544d82e9acffbec0b6f9d7f5187f4889e2981f97815dc3ce06a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe

Filesize
184KB

MD5
f81f906b1fb38ac58556d37009267a9b

SHA1
7247e3b01a1b2f8621883727cd670a627cf604d8

SHA256
634cdf24bd399c82914129d09eef255c887aa8c1edc53da1bb0b9e3e765a599d

SHA512
25d144f168dc3c379439fb296c6f31027918c79d653bb1032fb27ec157c693c52ce69e9afb99dfd6eeb7966d35456c7d6733094545f3bf58eb34459fac57b3ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11429.exe

Filesize
184KB

MD5
0611cce1e526621634fe1e28a3b1f6ee

SHA1
9aeaa1138c5a3c662819dc88dcda10d279ef55a4

SHA256
d8cfe493c2f0715e56cb05dd86868638f0eec01652e4db298c3c31219c4164e6

SHA512
52016d0140ce2f3535ccf32ce390f370da32a92ee223e81df2c24c8f81aa242a0f421cd8aa7a1b336a0200543bb96f0faae8a41625eb0a4aee6e067193c022ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe

Filesize
184KB

MD5
e629a9cf3cd3a1d4bb05f74b9280adbc

SHA1
a7d92cdd52496dd9c16c1b5423ccf93ecd0e8c7c

SHA256
dfc8b9794c2e0c018f298ac42999f908c4db2094bee143e1e573b4ac7e525155

SHA512
ed8402b73b21c1a38cd22d41053cf48402f76e16d29b28bef04721a3fbbe1c3c993a6bf1d38d62289c2c7cbd4e5413ea1b3160d9b53346c04e7e62c8fa9e32d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14346.exe

Filesize
184KB

MD5
1c698229b6e21dbb3ef7bcc87c78c216

SHA1
a67dcd8ed97c438383915afb29ebaba759fa0142

SHA256
0960947f4d0ecd776593f26985ba3ddfcee5a64eaf382c633553ab0cd0e9b8c0

SHA512
c52fcad45773248a2f658d12d557b755bdc1ecf477c2ff83ab55adbf5550958aeb08e09f249892b9176c5d7e8f6d5a65ca9a84d7cbcedd1e8225dad4284c17f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14958.exe

Filesize
184KB

MD5
722503180afed44c8b2493da567fe0da

SHA1
cc607b577e19f62f67edce9a90f80647762cecc1

SHA256
0f97aca3c1fde8e2ce11cf687720e4914698901eaf6b53903c86bd6c3121a223

SHA512
4ec8ad30628998d0bbaf88f170c92b16076a389c9e867b356b097fd2d79d840f91dab6e0b1bdf7b3a22ddf975a70c403cb43d1b68b3af1dfbde8b4ff3115c778

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe

Filesize
184KB

MD5
67cdb77724a6e7a11d7eae053d3e3bee

SHA1
099fa7a794db06025f6e8816010e93e84764287c

SHA256
4818ab10f85b8d4cfadde16a41edec6fb30c57576cd79330567d31d197122cc5

SHA512
b80d02ec16c7878d4075e3c8a5c11d682cf03a08d15d9de8fc470e0f9007f1939da02e3ae7e8db8f626c8601e8734ef515459123d4453fa9a5bbe92222a4d407

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe

Filesize
184KB

MD5
c8b7accfd88012ae6f4f37c45c774df6

SHA1
47a77891094598aa3db12ae007c2323af5f602e7

SHA256
3dc8aaccd6bd650a0c3ddbc87aa670aa1685e7f70647443d8ece092184116458

SHA512
5094d49b5e43eba8ea95a9281cf54e0a15f8c0dcf9d2b85b5a189aec4a1a9ed5ea61cdc7d8167f5c442601d8d753ce23b9b34aa67156d686d095c779b92f09f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22080.exe

Filesize
184KB

MD5
dd6301fc2ba75b64ce6da8e85a13864d

SHA1
9bf3bfa8af2b25de10a1cc4bb5ba15353c6fa67e

SHA256
4d37dc83dfe52e79e5c3fbae0ee95e79b439537c89c009350c1f19ce29925a02

SHA512
80ae40f80ceeb55a126cabf720a1fe7ad59e50a46c5b0fc4f89b001a08c9dca20dde2c05ea5e816d17bea08f045357421474a94d1e0978c3ce9d26c42d294bb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe

Filesize
184KB

MD5
7f15ef0970b1d600e8768160aa954be9

SHA1
76d3e683575ea391eacbce1792c0936a0f7e08ed

SHA256
2229dec9ae55742e81f49672b47261fa668b6fc9d36eb20d4af3942f16248b67

SHA512
d281e27dda10e57bcfba5474522963ade284d74e52e4a5c0b41065126e669589f1aecda51b427cc0867bfac59baf40487ca6af33255f33cf0910bfe32584f913

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28031.exe

Filesize
184KB

MD5
f8563bf4daa350334e69e3fb69ceb9dc

SHA1
f5478bdd9e8c6733889de5fec86447dc5812f51c

SHA256
c0c8354564000d24a07998e3797c40ddf084450deeaf183a3c023612be09c70c

SHA512
1591d8487ba16a164acab99bf02139423b626dc0dab70e2a553bf31c02621acde31df85b056c308c3bacf4857dfa8a6204bfebe4e9318a776d6833cf7d7636f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe

Filesize
184KB

MD5
26a5e5b2662e8deffcde2750b8675167

SHA1
86e19a6b160b355ebaf3441e82668335aee28484

SHA256
eefef730438b745ed1ded3420d31057c8fd0eb6e9a13dd582584495b000572d9

SHA512
395fe83c25ae9bb1b109af718e1f8fd7c5cd683df66d6ad94a304029c126df2e7613dd306dd2ae3ae4b100d4beb0bbfe503076dbaff66ad388f2961dde8d81ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29951.exe

Filesize
184KB

MD5
008065e2ba6e8b6668c4c6f6a1c1ac8f

SHA1
37b1f2662b17b4b032ca492cef2b9a96959aba87

SHA256
64cd0e7b795ef2ed914819026fb9b0581af9c16908b8a29b77f8eaba120d8a87

SHA512
7ee770b64e027059281d1b09711e0d1ab34877f37813ace12fc523b412a69350ac21e9039dcc0d66a87bde9e639ef4d8c4a48d36ba439047b52eb2b7c2140e4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe

Filesize
184KB

MD5
c633bcf4b273070552401232e5f1344c

SHA1
0474e4a880deeb0daccfe946f043078aaf515504

SHA256
67d5f15877c8c655be00cfaa920f5ba718bd0a8a701adb83561923a993c8dcb1

SHA512
ef06a61d9a24c63846eebf4c42216bd6d7803707f0830deba0be628fdd684d1c77730830db2e4ce103292915d34650c0043692a27cd8c88f6d8ffee4f635142d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe

Filesize
184KB

MD5
1589fd13bf5eb9873edd0872e1364677

SHA1
aa55ea29d9ddd42dbd848af357ffac55be2d67cf

SHA256
12bfac4fb133faa1138039f2451050be199553046aa154cf998d80d0ba62bc80

SHA512
e8bdeca99e9bf938fb6b6abb86e588e02c8048346b44fa751cbe2ae83741018ca1a0a84276e7958b52539f89891b410e8fc35398c16f826042da96f691384505

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe

Filesize
184KB

MD5
34b7432954e1e3d62518bfdc66096f77

SHA1
cec41031f6ae47ae80c402eabfb4ad7dc7faa619

SHA256
1b67af39ba6f1a56b0171c1e8a422d77a0d4743edc265d7e51692eeb9966780d

SHA512
bd9a75d19fe1a3e460062e4fa395acc0cb85771207152cc882a52bf3f2e5f3fd601b3467e9979e5539891cf46474fd817c7ba4adf87f46054bde1544b811b392

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37928.exe

Filesize
184KB

MD5
2589e9510aaee8a81ddc646abb9728d6

SHA1
7a7a4ac0e6e8416bf727bc3e786a0f95f6f0d8cb

SHA256
9f077652651778300dc890f337a9c5bb76dae841846be5f90ca1b15f91f38df3

SHA512
1b41b6ab9fc944a466bb9c29fa62205dcd1431b056e91c494eaf57815bb49e75679e3f193bb0f603cad010cc847a74b97e40f8ae341f0983c345ae2790ce88d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe

Filesize
184KB

MD5
652a9b4f8947e7c97f82162ff73d4671

SHA1
807e9db4cb531dc888970f842611c235410a45ee

SHA256
5ef91a7fdc6dcb582156f8b12f3f843b998bc4a0a853fd27d9b256ec9216b452

SHA512
126ade550f29199dc95a238e3c83ae756db7f42301b7b688a93cad0119fb580c6c34bd4fd348a50327b551bf2275ccefbcb4836a1495f37839a27e8e1c181a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe

Filesize
184KB

MD5
6a15c90789a5045e8dcd890e403d3570

SHA1
93fc1c2be8917f7ae56ad62d4801ecf382ee6182

SHA256
8de8f33f8adb1ffb108c42937522323b0c5dbb43a8407d917301a3869facdda0

SHA512
50a67e7b08d01a266f900d21f0394b3029b3b7b6ab9c26dcc9c29f767dd4c0e9a08676f2198ccbfdb11ba1e0ec2ad83faf38100ef6efcf890213364a685e3eb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe

Filesize
184KB

MD5
ce4346d2f4e331e78b6b37576a597e38

SHA1
64d94eea6401b2af8108f7455592645c9cea41e8

SHA256
841bbe2d179636c2e5a3ae7734f69c6ecf1d54ebccdeca431f72ece3a1ea4edf

SHA512
59c684b017c7393df5bf20e165cd6d01eab5cb2dfa6297e2ba982218ab9c9a87f444804810c8ad1925495ea9ae8effe9c070fb74b95ee9b7b48b3ad6e73eed74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe

Filesize
184KB

MD5
0f62408db3cf1fa9b6c399e0375a72a0

SHA1
8a5d53714dcc1da5cafb4e7ef9a816bdc9939a08

SHA256
74ea40708ec50a6454c2bea6ac1fe0103a1482ee4391d540ce95c7b9107e549c

SHA512
4dd72886d4effede590d718659ff4b09a47bc3d96b46b3182aea674476185b44b07309913222bd3a85ef4a6fd58f0f7cce9e3bad9eb447304d9cb120a70e09e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48451.exe

Filesize
184KB

MD5
c870d71584fa7c7989ac8564fab5ea3f

SHA1
ecdcdca3ab6052237481b1e6343cf9db5cb06f38

SHA256
d3c6daffb485fd3b761f3e26ddb438b5041359976f7f90dd66c4b5b5b957922f

SHA512
8dd02f2652dd8747a3cdf0f944949b6165d8342a40c868f37e36103de895080be1e8e47dadc9d77698e23acfffd2a02016856aefa76b1bfb0766a08230373f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe

Filesize
184KB

MD5
8a8e5369a60efcb74a647e267d91bb3e

SHA1
124cbb2dfd5d0b953ebc10cc0c56b62e249094ea

SHA256
ce0fc954eb9d66255c75b07778fb3cd4d6686ab24e0c0266ce8c2160ee467001

SHA512
d15140ddbf5e14fd9c5d7e3cc05b407d02ac9a32fa2d8e471d748a5f413770339ae73bb28b326fcb002cc2c8f58f1997fd5015fd32ce0997e4f0348fc2e2c8e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53474.exe

Filesize
184KB

MD5
d60d997234176bba0ea58a035d514569

SHA1
e1cc8a159a802508d0b1238099a711b7b86dfd3d

SHA256
7f597b3a8076815b4ce59b4cb6cc03a613aa7869b019813bd2beb9202bcd8d25

SHA512
168b81dd33730f9f430d57b6034cf3dfb1eae035dbe8404ca6b7de46674274198d24692cb5d4a533b4e3c73d6425c9a218e99370e67cf444d068ebe9c02e2486

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5564.exe

Filesize
184KB

MD5
2c8eec70046e9202ca6c5fd1670ca9a0

SHA1
d942f6567a32eabfe812c405bc1a1106cb79d226

SHA256
2a412d50186682cc0f4219e19833c78094165bbf50b9e7f3331898a75dbe43fe

SHA512
6931fc0d4e284dc429d134e4bb4040764e578abe781f56db663648115d25a2881c98d3541bef1c0de89604320bdc92b9a27c4d7add0a5955adb263a018b33551

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56310.exe

Filesize
184KB

MD5
874aa36a1202e8d220afcf0d01afbb96

SHA1
e9ee600ff337efe136abd2da54144857cc55d3d0

SHA256
a52ea100a3782645487c22d3114344587fc725445abe067785ff1190237077ce

SHA512
1318e375cbdce25e88607c003ab1936cbef2205ebad0c33438060f8b5a8f1069379e4b42a6383b5698c0df0a9dfb5a49371b83e273c87c92af07aee680a4618b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56775.exe

Filesize
184KB

MD5
869c08ec463aa650e7ff12283b1a8f05

SHA1
0c7e5cdaf1bc72a4a98a8bea3481f92431f12329

SHA256
9b53da2dc209f8ef0b8cfc1b2886a3f44e0011863865430ddd5e39862bfa0059

SHA512
52c8d21af3e22725f97e429ba3421b69c6128a55b41aba072b0ef70c27bb7d669c038bb4495b6491a54bf3f2abbe4ed73d0b271a07bcc6829ea30c6e1ee46dfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe

Filesize
184KB

MD5
2fef06bafe9145b7e1b4d2c905c4ea6a

SHA1
03650282b8356c226b0469066b9083e212daefcb

SHA256
9a0e8609bad7e1d023df255ec6f5367a218d5bd49e57b235978ebf5caa5d677a

SHA512
2afbbb488135473679dbe47f6d03d83856e12020119b8635839830eec719c19499edaef8fea20344a9796d3e6942c8c28a5317d1b1f11b762988456fbfc1dcf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe

Filesize
184KB

MD5
ab951e1dbf1109cfe63dad296cbdb956

SHA1
ce9aeb788707feb559280d773d1b01b609f915a0

SHA256
41ade939df5e9ad0f98ed8c6fefc238e1648d316fa09c6dacb33423e99bb1021

SHA512
a851b17c4a413e7ad4122ce6b24bd025e8e5ccb0a452ef0cab450fd9fb5a0e12aad7512df6dbc350ca4dfe9e6d871f608c4614d5bc09e70623d5875027e2db7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6088.exe

Filesize
184KB

MD5
0a84f32bb8730690e2f69866290d07f4

SHA1
fe68f552280f53c9ef32765f01c81ac696745d22

SHA256
8bdb3d8e4070cc4fc6556cb6be98341354be04b870471cc5711ce55386f2fa48

SHA512
26c746409aa2ccc481ee520f2b99e6e70937ca42d0874654b8bf18c09f035b9a9d7c0dfee3c3a92f29c3d28cc5dc32c82b3beb8712dfc8dbb436b81d2fbedc96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe

Filesize
184KB

MD5
f50659706bdf14fc6bec63edfb80fab5

SHA1
2a5877a8c29024e0dbf5730e114ebe54ebeb80a5

SHA256
afbb51a406ff4fc62154358985ffe1a6f8fd84047a4daef627dc298417cbcc98

SHA512
7ae8e7e746f8ebf2875cdb26ff514da4a35dad9e2b32435486804a52248f43ecb53373ce04e6254df2c22cab481eb8f3a7801467735c87dd4da9f732a049d570

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64159.exe

Filesize
184KB

MD5
144d2fe11312fb1af6d1faff1218657b

SHA1
312e25660a4cb5b1b4098b226de189b8e68b0e45

SHA256
d7b8311c1490a72f50d5903a610a28938d822dad8687e6080c391d5b0f263ba7

SHA512
20601d0ca27ad8ae92570085346fa040cfc47a5aa5249fe90099898f0a806ea9414ca71611e4a38af81ab4ad70e4f82f762969445c48250b9462dd0a20fdab65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64345.exe

Filesize
184KB

MD5
11156a6ee21240f1fa6da56c30e74469

SHA1
870d1e293698a1976195728a432b45ccd92b831e

SHA256
83912094ed0f1c69e4dd56fa8dec10408b27c88a84238c7e7223525a9808094f

SHA512
38587f53beed492ec76fcedfb560f704ba84b0d917bce6f7a7571fe84cdc9e1f99ec5bd9d21cee932a21f8651222dbd44596ba11a4656457102a58f5bad2f366

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe

Filesize
184KB

MD5
11e8edd77f124ac6ec2555e274a0025d

SHA1
e39b780390e1b871d66280f8c5a3bd1aaebcca10

SHA256
4e7d032df1e61a46dad95b55cb27f7c93f771e51aab4c963126f771cdf382fac

SHA512
1dd5d9631046e3f2592b748843244009bad1f40a64970a6bae7693ca025ffd10c127e0180391d5a7502309e650241ed8f406ca3221c0083053a0beeffa7aaa42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65503.exe

Filesize
184KB

MD5
cb85210652ba6e84d0a248c5ef8b3bc2

SHA1
678526c0563bfbe8e085eab2cfe32723409dbd6f

SHA256
c6ffd99836be5afc45ffdd30b21ef8ccf068c5fd2300f9392c225900034083f2

SHA512
0d724e870c1f06b1fffdff4688ec06f07bd0e03ff000553adc14d9c2eeda084be857f5988f3e958e3fd012348ccc887fc2df2a7f66b62034dc52be30673defc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe

Filesize
184KB

MD5
80b5f645eae2a401ef46dda6061e1d66

SHA1
dc7a8c091ae215109e835c181ce94daf40064910

SHA256
c13a365f87b91483cd874b4d7a9ec2ade9cc27cddbc48b9d8edcf58346593b64

SHA512
d254bdeb85368552267b8c33fd8ffd6f2271bbdd3597835e8c20f7362c6e05ea4521e988f55b74f170f729ea088f3989ed99782afbc32b5823b6ad26b1af0fb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8165.exe

Filesize
184KB

MD5
5f8a1569564279ef1f580c94f0d44722

SHA1
0d55a39d25516d96383514133a28190536db941d

SHA256
9603006d4e24b71ae11c0259f315534d7071b3e627ed5f12be12ac4886af3ba0

SHA512
6d2770c7468eb8902a6949f6c69e034a5ed2e3c2fd95166c2bcd81c34a936a4b2852e88057a53bcb7aa0442fc86988c7c397e1d350e20ef579243974276bb9dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe

Filesize
184KB

MD5
395cc764457dbbada252f62af103ced1

SHA1
a2f4d21185608794b74f9eb2b383ae8c4dbf1f47

SHA256
37306d810322efaba73a5f27084945cb160e37ca41f71ebc0cba34e71216d3b7

SHA512
17aaa38824e8101a1c0881d9cdc3f5debf3670036bdbd075189615e7c1fdbc55a2a32ec4785fd666c9d12005cc83be4e42d47f28bb0a2e0818f92f3f99294a4e

Download Submit
memory/5476-731-0x0000000002C10000-0x0000000002C20000-memory.dmp

Filesize
64KB

Download
memory/5476-566-0x00000000021C0000-0x00000000021D0000-memory.dmp

Filesize
64KB

Download
memory/5476-595-0x00000000021F0000-0x0000000002200000-memory.dmp

Filesize
64KB

Download
memory/5476-641-0x0000000002AC0000-0x0000000002AD0000-memory.dmp

Filesize
64KB

Download
memory/5476-658-0x0000000002AE0000-0x0000000002AF0000-memory.dmp

Filesize
64KB

Download
memory/5476-672-0x0000000002B40000-0x0000000002B50000-memory.dmp

Filesize
64KB

Download
memory/5476-688-0x0000000002B50000-0x0000000002B60000-memory.dmp

Filesize
64KB

Download
memory/5476-710-0x0000000002BC0000-0x0000000002BD0000-memory.dmp

Filesize
64KB

Download
memory/5476-712-0x0000000002BE0000-0x0000000002BF0000-memory.dmp

Filesize
64KB

Download
memory/5476-720-0x0000000002C00000-0x0000000002C10000-memory.dmp

Filesize
64KB

Download
memory/5476-613-0x0000000002210000-0x0000000002220000-memory.dmp

Filesize
64KB

Download
memory/5476-713-0x0000000002BF0000-0x0000000002C00000-memory.dmp

Filesize
64KB

Download
memory/5476-711-0x0000000002BD0000-0x0000000002BE0000-memory.dmp

Filesize
64KB

Download
memory/5476-709-0x0000000002BB0000-0x0000000002BC0000-memory.dmp

Filesize
64KB

Download
memory/5476-707-0x0000000002BA0000-0x0000000002BB0000-memory.dmp

Filesize
64KB

Download
memory/5476-702-0x0000000002B90000-0x0000000002BA0000-memory.dmp

Filesize
64KB

Download
memory/5476-701-0x0000000002B80000-0x0000000002B90000-memory.dmp

Filesize
64KB

Download
memory/5476-700-0x0000000002B70000-0x0000000002B80000-memory.dmp

Filesize
64KB

Download
memory/5476-699-0x0000000002B60000-0x0000000002B70000-memory.dmp

Filesize
64KB

Download
memory/5476-670-0x0000000002B30000-0x0000000002B40000-memory.dmp

Filesize
64KB

Download
memory/5476-668-0x0000000002B20000-0x0000000002B30000-memory.dmp

Filesize
64KB

Download
memory/5476-666-0x0000000002B10000-0x0000000002B20000-memory.dmp

Filesize
64KB

Download
memory/5476-664-0x0000000002B00000-0x0000000002B10000-memory.dmp

Filesize
64KB

Download
memory/5476-662-0x0000000002AF0000-0x0000000002B00000-memory.dmp

Filesize
64KB

Download
memory/5476-642-0x0000000002AD0000-0x0000000002AE0000-memory.dmp

Filesize
64KB

Download
memory/5476-640-0x0000000002AB0000-0x0000000002AC0000-memory.dmp

Filesize
64KB

Download
memory/5476-638-0x0000000002A90000-0x0000000002AA0000-memory.dmp

Filesize
64KB

Download
memory/5476-584-0x00000000021E0000-0x00000000021F0000-memory.dmp

Filesize
64KB

Download
memory/5476-581-0x00000000021D0000-0x00000000021E0000-memory.dmp

Filesize
64KB

Download
memory/5476-610-0x0000000002200000-0x0000000002210000-memory.dmp

Filesize
64KB

Download
memory/5476-565-0x00000000021B0000-0x00000000021C0000-memory.dmp

Filesize
64KB

Download
memory/5476-564-0x0000000002190000-0x00000000021A0000-memory.dmp

Filesize
64KB

Download
memory/5476-556-0x0000000000790000-0x00000000007A0000-memory.dmp

Filesize
64KB

Download
memory/5476-555-0x0000000000780000-0x0000000000790000-memory.dmp

Filesize
64KB

Download
memory/5476-553-0x0000000000770000-0x0000000000780000-memory.dmp

Filesize
64KB

Download
memory/5476-552-0x0000000000760000-0x0000000000770000-memory.dmp

Filesize
64KB

Download
memory/5476-563-0x0000000002180000-0x0000000002190000-memory.dmp

Filesize
64KB

Download
memory/5476-533-0x0000000000740000-0x0000000000750000-memory.dmp

Filesize
64KB

Download
memory/5476-532-0x0000000000730000-0x0000000000740000-memory.dmp

Filesize
64KB

Download
memory/5476-531-0x0000000000720000-0x0000000000730000-memory.dmp

Filesize
64KB

Download
memory/5476-530-0x0000000000710000-0x0000000000720000-memory.dmp

Filesize
64KB

Download
memory/5476-529-0x0000000000700000-0x0000000000710000-memory.dmp

Filesize
64KB

Download
memory/5476-528-0x00000000006F0000-0x0000000000700000-memory.dmp

Filesize
64KB

Download
memory/5476-527-0x00000000006E0000-0x00000000006F0000-memory.dmp

Filesize
64KB

Download
memory/5476-526-0x00000000006C0000-0x00000000006D0000-memory.dmp

Filesize
64KB

Download
memory/5476-525-0x00000000006B0000-0x00000000006C0000-memory.dmp

Filesize
64KB

Download
memory/5476-524-0x00000000006A0000-0x00000000006B0000-memory.dmp

Filesize
64KB

Download
memory/5476-523-0x0000000000690000-0x00000000006A0000-memory.dmp

Filesize
64KB

Download
memory/5476-521-0x0000000000670000-0x0000000000680000-memory.dmp

Filesize
64KB

Download
memory/5476-520-0x0000000000660000-0x0000000000670000-memory.dmp

Filesize
64KB

Download
memory/5476-625-0x0000000002A80000-0x0000000002A90000-memory.dmp

Filesize
64KB

Download
memory/5476-639-0x0000000002AA0000-0x0000000002AB0000-memory.dmp

Filesize
64KB

Download
memory/5476-624-0x0000000002A70000-0x0000000002A80000-memory.dmp

Filesize
64KB

Download
memory/5476-522-0x0000000000680000-0x0000000000690000-memory.dmp

Filesize
64KB

Download
memory/8176-3489-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/8428-3573-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/17304-3465-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/18168-3609-0x00000000778F0000-0x00000000778FA000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads