9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 10:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b_NeikiAnalytics.exe
Size

468KB
MD5

a5dbfdc9d423ec830b3793946cee3620
SHA1

d9929d033426d43aa46a5b22c531c312f45311de
SHA256

9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b
SHA512

d3e827d30b78eb2dff3ef58898c8ad32b0669641eb3e4f40980a5d398eddbdc2180cc5be4967b2cfd5fb9aee87c0b8d6976cfd5050d6535848733da9caba3d37
SSDEEP

3072:/ICpovIcU35/tbYAPgr5Of8/v59fNIXXlmHoxSxFJaRwVfOuwMlA:/IAo8J/tLPq5OfY2JAJaKFOuw

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4984	Unicorn-45373.exe
2900	Unicorn-14812.exe
3352	Unicorn-60484.exe
1668	Unicorn-29333.exe
4172	Unicorn-50308.exe
3732	Unicorn-12804.exe
1884	Unicorn-43623.exe
2276	Unicorn-8284.exe
1860	Unicorn-37619.exe
2884	Unicorn-45041.exe
3208	Unicorn-49125.exe
1836	Unicorn-24621.exe
3096	Unicorn-32524.exe
1420	Unicorn-12923.exe
2464	Unicorn-22574.exe
3220	Unicorn-39141.exe
1616	Unicorn-63645.exe
2056	Unicorn-12398.exe
3196	Unicorn-18145.exe
4420	Unicorn-18145.exe
2980	Unicorn-64605.exe
4488	Unicorn-64605.exe
1256	Unicorn-64605.exe
2420	Unicorn-48004.exe
2220	Unicorn-42139.exe
4464	Unicorn-39339.exe
1124	Unicorn-28403.exe
2356	Unicorn-412.exe
2960	Unicorn-41253.exe
2676	Unicorn-967.exe
5108	Unicorn-53505.exe
4068	Unicorn-32628.exe
3980	Unicorn-583.exe
4320	Unicorn-44443.exe
1404	Unicorn-37745.exe
3436	Unicorn-1543.exe
3860	Unicorn-796.exe
4536	Unicorn-41067.exe
1652	Unicorn-58165.exe
4908	Unicorn-17687.exe
2060	Unicorn-63593.exe
3964	Unicorn-47257.exe
4216	Unicorn-6224.exe
4896	Unicorn-47257.exe
3656	Unicorn-9347.exe
4380	Unicorn-34548.exe
2432	Unicorn-14947.exe
1492	Unicorn-10863.exe
1824	Unicorn-28682.exe
3592	Unicorn-35389.exe
440	Unicorn-22945.exe
4052	Unicorn-52088.exe
4276	Unicorn-59701.exe
952	Unicorn-37043.exe
3220	Unicorn-43173.exe
4920	Unicorn-43173.exe
4180	Unicorn-2887.exe
3680	Unicorn-17906.exe
4024	Unicorn-40324.exe
4056	Unicorn-48757.exe
716	Unicorn-13846.exe
4060	Unicorn-7724.exe
2476	Unicorn-15627.exe
2636	Unicorn-56349.exe

Program crash 15 IoCs

pid	pid_target	Process	procid_target
4312	1668	WerFault.exe	95
2084	2276	WerFault.exe	101
1772	3220	WerFault.exe	112
724	2356	WerFault.exe	126
6304	3592	WerFault.exe	150
10728	6180	WerFault.exe	293
9972	5692	WerFault.exe	198
13152	6636	WerFault.exe	264
11600	15948	WerFault.exe	763
14960	9984	WerFault.exe	459
11372	17272	WerFault.exe	847
15840	3912	Process not Found	1032
8284	5652	Process not Found	1054
13708	12548	Process not Found	1187
15368	1212	Process not Found	1061

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	18292	Process not Found
Token: SeChangeNotifyPrivilege	18292	Process not Found
Token: 33	18292	Process not Found
Token: SeIncBasePriorityPrivilege	18292	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4476	9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b_NeikiAnalytics.exe
4984	Unicorn-45373.exe
2900	Unicorn-14812.exe
3352	Unicorn-60484.exe
1668	Unicorn-29333.exe
4172	Unicorn-50308.exe
1884	Unicorn-43623.exe
3732	Unicorn-12804.exe
2276	Unicorn-8284.exe
1860	Unicorn-37619.exe
1836	Unicorn-24621.exe
2884	Unicorn-45041.exe
3208	Unicorn-49125.exe
3096	Unicorn-32524.exe
2464	Unicorn-22574.exe
1420	Unicorn-12923.exe
3220	Unicorn-39141.exe
1616	Unicorn-63645.exe
2056	Unicorn-12398.exe
4420	Unicorn-18145.exe
3196	Unicorn-18145.exe
4488	Unicorn-64605.exe
2220	Unicorn-42139.exe
4464	Unicorn-39339.exe
2980	Unicorn-64605.exe
1256	Unicorn-64605.exe
2420	Unicorn-48004.exe
1124	Unicorn-28403.exe
2356	Unicorn-412.exe
2960	Unicorn-41253.exe
2676	Unicorn-967.exe
4068	Unicorn-32628.exe
5108	Unicorn-53505.exe
3980	Unicorn-583.exe
4320	Unicorn-44443.exe
1404	Unicorn-37745.exe
3436	Unicorn-1543.exe
3860	Unicorn-796.exe
1652	Unicorn-58165.exe
4536	Unicorn-41067.exe
4908	Unicorn-17687.exe
2060	Unicorn-63593.exe
3964	Unicorn-47257.exe
4216	Unicorn-6224.exe
4896	Unicorn-47257.exe
3656	Unicorn-9347.exe
2432	Unicorn-14947.exe
1492	Unicorn-10863.exe
1824	Unicorn-28682.exe
4380	Unicorn-34548.exe
3592	Unicorn-35389.exe
440	Unicorn-22945.exe
4052	Unicorn-52088.exe
3220	Unicorn-43173.exe
952	Unicorn-37043.exe
4276	Unicorn-59701.exe
4920	Unicorn-43173.exe
3680	Unicorn-17906.exe
4180	Unicorn-2887.exe
4024	Unicorn-40324.exe
4056	Unicorn-48757.exe
716	Unicorn-13846.exe
2476	Unicorn-15627.exe
4060	Unicorn-7724.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 4984	4476	9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b_NeikiAnalytics.exe	89
PID 4476 wrote to memory of 4984	4476	9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b_NeikiAnalytics.exe	89
PID 4476 wrote to memory of 4984	4476	9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b_NeikiAnalytics.exe	89
PID 4984 wrote to memory of 2900	4984	Unicorn-45373.exe	92
PID 4984 wrote to memory of 2900	4984	Unicorn-45373.exe	92
PID 4984 wrote to memory of 2900	4984	Unicorn-45373.exe	92
PID 4476 wrote to memory of 3352	4476	9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b_NeikiAnalytics.exe	93
PID 4476 wrote to memory of 3352	4476	9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b_NeikiAnalytics.exe	93
PID 4476 wrote to memory of 3352	4476	9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b_NeikiAnalytics.exe	93
PID 2900 wrote to memory of 1668	2900	Unicorn-14812.exe	95
PID 2900 wrote to memory of 1668	2900	Unicorn-14812.exe	95
PID 2900 wrote to memory of 1668	2900	Unicorn-14812.exe	95
PID 4984 wrote to memory of 4172	4984	Unicorn-45373.exe	96
PID 4984 wrote to memory of 4172	4984	Unicorn-45373.exe	96
PID 4984 wrote to memory of 4172	4984	Unicorn-45373.exe	96
PID 3352 wrote to memory of 3732	3352	Unicorn-60484.exe	98
PID 3352 wrote to memory of 3732	3352	Unicorn-60484.exe	98
PID 3352 wrote to memory of 3732	3352	Unicorn-60484.exe	98
PID 4476 wrote to memory of 1884	4476	9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b_NeikiAnalytics.exe	99
PID 4476 wrote to memory of 1884	4476	9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b_NeikiAnalytics.exe	99
PID 4476 wrote to memory of 1884	4476	9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b_NeikiAnalytics.exe	99
PID 1668 wrote to memory of 2276	1668	Unicorn-29333.exe	101
PID 1668 wrote to memory of 2276	1668	Unicorn-29333.exe	101
PID 1668 wrote to memory of 2276	1668	Unicorn-29333.exe	101
PID 2900 wrote to memory of 1860	2900	Unicorn-14812.exe	102
PID 2900 wrote to memory of 1860	2900	Unicorn-14812.exe	102
PID 2900 wrote to memory of 1860	2900	Unicorn-14812.exe	102
PID 4172 wrote to memory of 2884	4172	Unicorn-50308.exe	103
PID 4172 wrote to memory of 2884	4172	Unicorn-50308.exe	103
PID 4172 wrote to memory of 2884	4172	Unicorn-50308.exe	103
PID 1884 wrote to memory of 3208	1884	Unicorn-43623.exe	104
PID 1884 wrote to memory of 3208	1884	Unicorn-43623.exe	104
PID 1884 wrote to memory of 3208	1884	Unicorn-43623.exe	104
PID 3732 wrote to memory of 1836	3732	Unicorn-12804.exe	106
PID 3732 wrote to memory of 1836	3732	Unicorn-12804.exe	106
PID 3732 wrote to memory of 1836	3732	Unicorn-12804.exe	106
PID 3352 wrote to memory of 1420	3352	Unicorn-60484.exe	108
PID 3352 wrote to memory of 1420	3352	Unicorn-60484.exe	108
PID 3352 wrote to memory of 1420	3352	Unicorn-60484.exe	108
PID 4476 wrote to memory of 3096	4476	9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b_NeikiAnalytics.exe	109
PID 4476 wrote to memory of 3096	4476	9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b_NeikiAnalytics.exe	109
PID 4476 wrote to memory of 3096	4476	9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b_NeikiAnalytics.exe	109
PID 4984 wrote to memory of 2464	4984	Unicorn-45373.exe	107
PID 4984 wrote to memory of 2464	4984	Unicorn-45373.exe	107
PID 4984 wrote to memory of 2464	4984	Unicorn-45373.exe	107
PID 2276 wrote to memory of 3220	2276	Unicorn-8284.exe	112
PID 2276 wrote to memory of 3220	2276	Unicorn-8284.exe	112
PID 2276 wrote to memory of 3220	2276	Unicorn-8284.exe	112
PID 1860 wrote to memory of 1616	1860	Unicorn-37619.exe	113
PID 1860 wrote to memory of 1616	1860	Unicorn-37619.exe	113
PID 1860 wrote to memory of 1616	1860	Unicorn-37619.exe	113
PID 2900 wrote to memory of 2056	2900	Unicorn-14812.exe	116
PID 2900 wrote to memory of 2056	2900	Unicorn-14812.exe	116
PID 2900 wrote to memory of 2056	2900	Unicorn-14812.exe	116
PID 1420 wrote to memory of 3196	1420	Unicorn-12923.exe	117
PID 1420 wrote to memory of 3196	1420	Unicorn-12923.exe	117
PID 1420 wrote to memory of 3196	1420	Unicorn-12923.exe	117
PID 2464 wrote to memory of 4420	2464	Unicorn-22574.exe	118
PID 2464 wrote to memory of 4420	2464	Unicorn-22574.exe	118
PID 2464 wrote to memory of 4420	2464	Unicorn-22574.exe	118
PID 1836 wrote to memory of 1256	1836	Unicorn-24621.exe	120
PID 1836 wrote to memory of 1256	1836	Unicorn-24621.exe	120
PID 1836 wrote to memory of 1256	1836	Unicorn-24621.exe	120
PID 3096 wrote to memory of 2980	3096	Unicorn-32524.exe	119

C:\Users\Admin\AppData\Local\Temp\9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9f846576b348dabe9b5f6951a7148daf8b17ddf9f98ca4be8a5568d51144894b_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14812.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-412.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
        9⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40729.exe
        10⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        11⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 628
        11⤵
        Program crash
        
        PID:13152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 652
        10⤵
        Program crash
        
        PID:9972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 724
        9⤵
        Program crash
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 728
        8⤵
        Program crash
        
        PID:724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 744
        7⤵
        Program crash
        
        PID:1772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 708
        6⤵
        Program crash
        
        PID:2084
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 724
        5⤵
        Program crash
        
        PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41549.exe
        8⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32753.exe
        9⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        10⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        11⤵
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        11⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
        10⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7607.exe
        9⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        10⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27554.exe
        9⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23488.exe
        9⤵
        
        PID:16868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5295.exe
        8⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31365.exe
        9⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        10⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        10⤵
        
        PID:16900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        10⤵
        
        PID:17512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59896.exe
        9⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        9⤵
        
        PID:17520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56283.exe
        8⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15267.exe
        8⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29851.exe
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        8⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1536.exe
        9⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11375.exe
        9⤵
        
        PID:14264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9091.exe
        9⤵
        
        PID:17916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        8⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43727.exe
        7⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47893.exe
        8⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
        8⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        7⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
        7⤵
        
        PID:13824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52088.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61149.exe
        8⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        9⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12569.exe
        10⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2719.exe
        9⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14956.exe
        9⤵
        
        PID:17904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
        8⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        8⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5295.exe
        7⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        8⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5776.exe
        9⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        9⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63596.exe
        8⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        8⤵
        
        PID:17692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
        7⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17379.exe
        7⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
        7⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        8⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
        8⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
        7⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
        7⤵
        
        PID:16708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        7⤵
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
        6⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe
        7⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52599.exe
        7⤵
        
        PID:16480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29362.exe
        6⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53440.exe
        6⤵
        
        PID:14496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23904.exe
        6⤵
        
        PID:15940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        6⤵
        
        PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59701.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
        7⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
        8⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        9⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        9⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        9⤵
        
        PID:17700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
        8⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        8⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        7⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
        8⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        7⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
        7⤵
        
        PID:16032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55316.exe
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        7⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
        8⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4401.exe
        9⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63980.exe
        8⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
        8⤵
        
        PID:16628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
        7⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
        7⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
        7⤵
        
        PID:17860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        6⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        8⤵
        
        PID:17036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        8⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14587.exe
        7⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
        7⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
        6⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37043.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38397.exe
        8⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        8⤵
        
        PID:17400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
        8⤵
        
        PID:17776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7519.exe
        7⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46285.exe
        8⤵
        
        PID:15760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        7⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        7⤵
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51624.exe
        6⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60804.exe
        7⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        7⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        7⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21446.exe
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26892.exe
        6⤵
        
        PID:15932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46136.exe
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65013.exe
        7⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        7⤵
        
        PID:17892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43227.exe
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        6⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
        5⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        6⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40787.exe
        5⤵
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27693.exe
        5⤵
        
        PID:16400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12398.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53505.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38617.exe
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        8⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31365.exe
        9⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
        9⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
        9⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
        8⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        8⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50604.exe
        7⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        8⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        8⤵
        
        PID:13580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
        7⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
        7⤵
        
        PID:16076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
        7⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3278.exe
        7⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
        8⤵
        
        PID:14296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
        8⤵
        
        PID:17580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
        7⤵
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10478.exe
        6⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61977.exe
        7⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44624.exe
        7⤵
        
        PID:16692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
        7⤵
        
        PID:16580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        6⤵
        
        PID:9588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
        6⤵
        
        PID:16264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2887.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16609.exe
        7⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
        8⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49704.exe
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41063.exe
        7⤵
        
        PID:15612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        6⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1116.exe
        7⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        7⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        6⤵
        
        PID:13296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21521.exe
        6⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22445.exe
        7⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38427.exe
        7⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65034.exe
        7⤵
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        6⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13242.exe
        6⤵
        
        PID:16860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
        6⤵
        
        PID:10456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        6⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        5⤵
        
        PID:11208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        5⤵
        
        PID:17012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        6⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1676.exe
        7⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        8⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21013.exe
        9⤵
        
        PID:16952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        9⤵
        
        PID:17808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        8⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        8⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14343.exe
        7⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        8⤵
        
        PID:16436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        8⤵
        
        PID:17752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7238.exe
        7⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60436.exe
        7⤵
        
        PID:17184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        7⤵
        
        PID:16260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55219.exe
        6⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38117.exe
        7⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        6⤵
        
        PID:13260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
        6⤵
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1676.exe
        6⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23353.exe
        7⤵
        
        PID:13916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        7⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53404.exe
        6⤵
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41063.exe
        6⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        6⤵
        
        PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
        5⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        6⤵
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        5⤵
        
        PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17906.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        5⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        6⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
        7⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        7⤵
        
        PID:13600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe
        6⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        6⤵
        
        PID:15012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
        6⤵
        
        PID:16888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55219.exe
        5⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
        6⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
        6⤵
        
        PID:16980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        6⤵
        
        PID:17528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        5⤵
        
        PID:12308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4407.exe
      4⤵
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1676.exe
        5⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
        6⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1271.exe
        5⤵
        
        PID:11756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16366.exe
        5⤵
        
        PID:15824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exe
      4⤵
      PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60804.exe
        5⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        6⤵
        
        PID:17608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        5⤵
        
        PID:16252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59098.exe
      4⤵
      PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12569.exe
        5⤵
        
        PID:17504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
      4⤵
      PID:15988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        7⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5376.exe
        8⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        9⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        9⤵
        
        PID:16148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37451.exe
        8⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
        9⤵
        
        PID:17040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45339.exe
        8⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55219.exe
        7⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12828.exe
        8⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
        8⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27504.exe
        7⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4401.exe
        8⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
        7⤵
        
        PID:17400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26046.exe
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
        7⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60701.exe
        8⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
        7⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19734.exe
        7⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        6⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53447.exe
        6⤵
        
        PID:14216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30942.exe
        6⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5376.exe
        7⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13700.exe
        8⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
        8⤵
        
        PID:16988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
        8⤵
        
        PID:17876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9631.exe
        7⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        7⤵
        
        PID:15780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        6⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        7⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-731.exe
        7⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44520.exe
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        6⤵
        
        PID:17868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29608.exe
        5⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        7⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
        7⤵
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        7⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        6⤵
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        6⤵
        
        PID:17268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5190.exe
        5⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1344.exe
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        6⤵
        
        PID:16176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        5⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18756.exe
        5⤵
        
        PID:15956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28403.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17407.exe
        5⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
        6⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
        7⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22341.exe
        8⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        8⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
        7⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        8⤵
        
        PID:17852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        7⤵
        
        PID:16244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
        6⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
        6⤵
        
        PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14178.exe
        5⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        6⤵
        
        PID:12344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52599.exe
        6⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
        5⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53447.exe
        5⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26858.exe
        5⤵
        
        PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
        6⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        8⤵
        
        PID:17784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3487.exe
        7⤵
        
        PID:13364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        7⤵
        
        PID:17480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
        6⤵
        
        PID:10256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        6⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
        5⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        6⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        6⤵
        
        PID:16284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        5⤵
        
        PID:9952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
        5⤵
        
        PID:16888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32156.exe
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
        5⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
        6⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13731.exe
        6⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        6⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47103.exe
        5⤵
        
        PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51204.exe
        5⤵
        
        PID:14820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        5⤵
        
        PID:8528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40927.exe
      4⤵
      PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        5⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
        6⤵
        
        PID:16576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
        5⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
        5⤵
        
        PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55012.exe
      4⤵
      PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
      4⤵
      PID:16104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37745.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
        6⤵
        Executes dropped EXE
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59997.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21521.exe
        8⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        9⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        9⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        8⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13242.exe
        8⤵
        
        PID:16852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
        8⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        7⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43913.exe
        8⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        8⤵
        
        PID:16308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        7⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20259.exe
        7⤵
        
        PID:17076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        7⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27879.exe
        6⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17437.exe
        7⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41661.exe
        8⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        8⤵
        
        PID:17708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        7⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
        7⤵
        
        PID:16800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
        7⤵
        
        PID:16904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        7⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16159.exe
        6⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        7⤵
        
        PID:17728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        6⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43211.exe
        6⤵
        
        PID:17160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11787.exe
        5⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
        7⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
        8⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        8⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38847.exe
        7⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        7⤵
        
        PID:16132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        7⤵
        
        PID:16216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        6⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        7⤵
        
        PID:17800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        6⤵
        
        PID:12460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
        6⤵
        
        PID:17116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        6⤵
        
        PID:13288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
        5⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40613.exe
        6⤵
        
        PID:15192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60277.exe
        5⤵
        
        PID:17240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1543.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35929.exe
        5⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        7⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        7⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56928.exe
        7⤵
        
        PID:16948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        7⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32162.exe
        6⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        6⤵
        
        PID:12792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
        6⤵
        
        PID:17016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46932.exe
        6⤵
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        6⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1344.exe
        7⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        7⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        6⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        6⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        6⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exe
        5⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
        6⤵
        
        PID:12388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38132.exe
        5⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21013.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
        6⤵
        
        PID:17664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11594.exe
        5⤵
        
        PID:17052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
      4⤵
      PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55721.exe
        5⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21521.exe
        6⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        7⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41063.exe
        7⤵
        
        PID:15584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        6⤵
        
        PID:11492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39327.exe
        6⤵
        
        PID:16704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
        5⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10856.exe
        6⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25983.exe
        6⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        6⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        6⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4918.exe
        5⤵
        
        PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26892.exe
        5⤵
        
        PID:15948
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15948 -s 464
        6⤵
        Program crash
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        5⤵
        
        PID:8024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15383.exe
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        5⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18257.exe
        6⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        7⤵
        
        PID:17100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
        6⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        6⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28323.exe
        5⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        5⤵
        
        PID:16228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30654.exe
      4⤵
      PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60701.exe
        5⤵
        
        PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21483.exe
      4⤵
      PID:11752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55425.exe
      4⤵
      PID:16348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48004.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
        5⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        6⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60804.exe
        7⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        7⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
        6⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        6⤵
        
        PID:17384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7568.exe
        6⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61128.exe
        5⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        6⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58832.exe
        7⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        8⤵
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41063.exe
        7⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        6⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45339.exe
        6⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        5⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        6⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        6⤵
        
        PID:16316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        6⤵
        
        PID:836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58552.exe
        5⤵
        
        PID:10632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1219.exe
        5⤵
        
        PID:14796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
      4⤵
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22473.exe
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
        6⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        7⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        7⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        6⤵
        
        PID:12028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
        6⤵
        
        PID:16784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
        5⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61697.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5231.exe
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        6⤵
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40819.exe
        5⤵
        
        PID:11796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
        5⤵
        
        PID:17204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        5⤵
        
        PID:344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34598.exe
      4⤵
      PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
        5⤵
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
        5⤵
        
        PID:14268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        5⤵
        
        PID:1452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
      4⤵
      PID:15004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41067.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45441.exe
      4⤵
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8995.exe
        5⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21765.exe
        6⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54764.exe
        6⤵
        
        PID:14272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        5⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51204.exe
        5⤵
        
        PID:15172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
      4⤵
      PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
        5⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62185.exe
        6⤵
        
        PID:15160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        6⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        5⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        5⤵
        
        PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
      4⤵
      PID:10068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11759.exe
      4⤵
      PID:15140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
      4⤵
      PID:17820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
    3⤵
    PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
      4⤵
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61697.exe
        6⤵
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        6⤵
        
        PID:17672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26699.exe
        5⤵
        
        PID:11240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14394.exe
        5⤵
        
        PID:17044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
        5⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        5⤵
        
        PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
      4⤵
      PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
        5⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        5⤵
        
        PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
      4⤵
      PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
      4⤵
      PID:17284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
      4⤵
      PID:4952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32329.exe
    3⤵
    PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
      4⤵
      PID:8428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59511.exe
      4⤵
      PID:16952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62031.exe
    3⤵
    PID:10048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
    3⤵
    PID:14460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12804.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24621.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        8⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        8⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        8⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13034.exe
        7⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        8⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        8⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33472.exe
        7⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4387.exe
        6⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19349.exe
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        8⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        9⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        9⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        9⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        8⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
        7⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
        8⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        8⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9002.exe
        7⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        8⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26892.exe
        7⤵
        
        PID:16004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        6⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12636.exe
        7⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37873.exe
        8⤵
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        8⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63596.exe
        7⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59423.exe
        7⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14675.exe
        6⤵
        
        PID:10352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28558.exe
        6⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55464.exe
        6⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18698.exe
        5⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
        6⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        7⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        8⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        7⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        6⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        7⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
        7⤵
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64712.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        7⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48987.exe
        6⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31336.exe
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15953.exe
        6⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe
        6⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10798.exe
        6⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        6⤵
        
        PID:17440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9326.exe
        5⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36143.exe
        5⤵
        
        PID:13812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36095.exe
        5⤵
        
        PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7724.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        6⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52776.exe
        7⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20089.exe
        8⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        8⤵
        
        PID:16468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        7⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17754.exe
        7⤵
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47348.exe
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
        7⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
        8⤵
        
        PID:14720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51552.exe
        8⤵
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        7⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
        7⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32162.exe
        6⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
        6⤵
        
        PID:14480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
        6⤵
        
        PID:17232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26046.exe
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
        6⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50789.exe
        7⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
        7⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
        6⤵
        
        PID:13208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        6⤵
        
        PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64915.exe
        5⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
        5⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30942.exe
        5⤵
        
        PID:17040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15627.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9644.exe
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29053.exe
        6⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 632
        7⤵
        Program crash
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
        6⤵
        
        PID:9856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
        6⤵
        
        PID:14688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2126.exe
        5⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
        6⤵
        
        PID:17652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        5⤵
        
        PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
      4⤵
      PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5376.exe
        5⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54053.exe
        6⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12569.exe
        7⤵
        
        PID:17464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56631.exe
        6⤵
        
        PID:15688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        5⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
        5⤵
        
        PID:15608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
      4⤵
      PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12496.exe
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65532.exe
        5⤵
        
        PID:16352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
      4⤵
      PID:12284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
      4⤵
      PID:17032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12923.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17407.exe
        5⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50877.exe
        7⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1344.exe
        8⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        8⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        7⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        7⤵
        
        PID:17272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17272 -s 452
        8⤵
        Program crash
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
        7⤵
        
        PID:16432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
        7⤵
        
        PID:17844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
        5⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        6⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        7⤵
        
        PID:17308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11463.exe
        6⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        6⤵
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14675.exe
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
        5⤵
        
        PID:16140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32613.exe
        5⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20501.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46077.exe
        7⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        7⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        7⤵
        
        PID:17792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21026.exe
        6⤵
        
        PID:16212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        5⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        6⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
        6⤵
        
        PID:16920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        6⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
        5⤵
        
        PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
        5⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55101.exe
        5⤵
        
        PID:17572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20309.exe
        5⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        6⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        6⤵
        
        PID:13592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
        6⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        5⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
        5⤵
        
        PID:15580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
      4⤵
      PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        5⤵
        
        PID:11368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        5⤵
        
        PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26814.exe
      4⤵
      PID:9944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        5⤵
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1691.exe
      4⤵
      PID:15972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42139.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
        5⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        8⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
        8⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        8⤵
        
        PID:17744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
        7⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
        7⤵
        
        PID:17048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6099.exe
        7⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        6⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20753.exe
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64852.exe
        7⤵
        
        PID:16892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-362.exe
        6⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
        6⤵
        
        PID:15760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        6⤵
        
        PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12267.exe
        5⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
        6⤵
        
        PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        5⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        5⤵
        
        PID:17144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37443.exe
      4⤵
      PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        6⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
        7⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55183.exe
        6⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
        6⤵
        
        PID:16776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        6⤵
        
        PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11254.exe
        5⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
        6⤵
        
        PID:17084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
        6⤵
        
        PID:12688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
        5⤵
        
        PID:8488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39519.exe
        5⤵
        
        PID:17156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34598.exe
      4⤵
      PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        5⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12387.exe
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-731.exe
        5⤵
        
        PID:17640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14675.exe
      4⤵
      PID:10276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
      4⤵
      PID:16204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        6⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        7⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        7⤵
        
        PID:17388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        7⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59896.exe
        6⤵
        
        PID:12644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
        6⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
        5⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20730.exe
        5⤵
        
        PID:13756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        5⤵
        
        PID:316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9142.exe
      4⤵
      PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24557.exe
        5⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
        5⤵
        
        PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-731.exe
        5⤵
        
        PID:17600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59512.exe
      4⤵
      PID:8860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43211.exe
      4⤵
      PID:17204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23490.exe
    3⤵
    PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
      4⤵
      PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5236.exe
        5⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26477.exe
        6⤵
        
        PID:12860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        6⤵
        
        PID:15996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
        6⤵
        
        PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        5⤵
        
        PID:13832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
      4⤵
      PID:10284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43307.exe
      4⤵
      PID:16792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
      4⤵
      PID:15968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
    3⤵
    PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
      4⤵
      PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10503.exe
      4⤵
      PID:13212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
      4⤵
      PID:17448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
    3⤵
    PID:9984
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 560
      4⤵
      Program crash
      PID:14960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56182.exe
    3⤵
    PID:14676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49525.exe
        6⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27901.exe
        7⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50877.exe
        8⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42393.exe
        9⤵
        
        PID:15836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
        8⤵
        
        PID:12268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35931.exe
        8⤵
        
        PID:17092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
        8⤵
        
        PID:17424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
        7⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
        7⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12267.exe
        6⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        7⤵
        
        PID:17588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43211.exe
        6⤵
        
        PID:16388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
        6⤵
        
        PID:15820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
        5⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
        6⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21521.exe
        7⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        8⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60280.exe
        8⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
        8⤵
        
        PID:16996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
        7⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        8⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25110.exe
        7⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        7⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
        6⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54053.exe
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61204.exe
        7⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        7⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28078.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
        6⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46932.exe
        6⤵
        
        PID:17632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34598.exe
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43944.exe
        6⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
        6⤵
        
        PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        5⤵
        
        PID:11044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
        5⤵
        
        PID:16016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8492.exe
        5⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26557.exe
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        8⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
        7⤵
        
        PID:12760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        7⤵
        
        PID:16156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
        6⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20089.exe
        7⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        7⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17754.exe
        6⤵
        
        PID:14456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3375.exe
        5⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
        6⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        7⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        7⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        7⤵
        
        PID:17472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        6⤵
        
        PID:12776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10798.exe
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        6⤵
        
        PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
        5⤵
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7608.exe
        6⤵
        
        PID:16364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
        5⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        5⤵
        
        PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
      4⤵
      PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27709.exe
        5⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        6⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5340.exe
        7⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
        7⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5598.exe
        6⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
        6⤵
        
        PID:17100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
        5⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40087.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36095.exe
        5⤵
        
        PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40656.exe
      4⤵
      PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        5⤵
        
        PID:16912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
        5⤵
        
        PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29362.exe
      4⤵
      PID:9620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22111.exe
      4⤵
      PID:16084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
      4⤵
      PID:17560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38425.exe
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33521.exe
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        6⤵
        
        PID:14240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8899.exe
        6⤵
        
        PID:17548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24239.exe
        5⤵
        
        PID:11188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26477.exe
        6⤵
        
        PID:12856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        6⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        6⤵
        
        PID:17720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        5⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
        5⤵
        
        PID:17828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
      4⤵
      PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        5⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        6⤵
        
        PID:17736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3487.exe
        5⤵
        
        PID:13372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-731.exe
        5⤵
        
        PID:17616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
      4⤵
      PID:10296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
      4⤵
      PID:4800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
    3⤵
    PID:6132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
      4⤵
      PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        5⤵
        
        PID:11512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
        5⤵
        
        PID:15904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        5⤵
        
        PID:17884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
      4⤵
      PID:11780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
      4⤵
      PID:16392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6099.exe
      4⤵
      PID:11052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
    3⤵
    PID:60
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63233.exe
      4⤵
      PID:12988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
      4⤵
      PID:5812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21252.exe
    3⤵
    PID:11384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33411.exe
    3⤵
    PID:15800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46077.exe
    3⤵
    PID:4092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10988.exe
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46041.exe
        8⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        8⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        8⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
        7⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        7⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60612.exe
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        6⤵
        
        PID:16188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9142.exe
        5⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
        6⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
        6⤵
        
        PID:17212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
        6⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        5⤵
        
        PID:11284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10988.exe
        5⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe
        6⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4048.exe
        7⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        7⤵
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        6⤵
        
        PID:12700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        6⤵
        
        PID:17624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62584.exe
        5⤵
        
        PID:9732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        5⤵
        
        PID:13340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        5⤵
        
        PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        5⤵
        
        PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59511.exe
        5⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60436.exe
        5⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63468.exe
        5⤵
        
        PID:464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14675.exe
      4⤵
      PID:10308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
      4⤵
      PID:15648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19413.exe
      4⤵
      PID:8888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14947.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57117.exe
      4⤵
      PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        6⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55065.exe
        7⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        7⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
        6⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
        6⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        5⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18147.exe
        5⤵
        
        PID:15764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31665.exe
        5⤵
        
        PID:17208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
      4⤵
      PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        5⤵
        
        PID:8324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        5⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59423.exe
        5⤵
        
        PID:16932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        5⤵
        
        PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
      4⤵
      PID:10076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
      4⤵
      PID:13156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51771.exe
      4⤵
      PID:15708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
      4⤵
      PID:17432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26290.exe
    3⤵
    PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10988.exe
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
        5⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
        6⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51344.exe
        5⤵
        
        PID:13304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        5⤵
        
        PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
      4⤵
      PID:11464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46928.exe
      4⤵
      PID:17316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48440.exe
    3⤵
    PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
      4⤵
      PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46041.exe
        5⤵
        
        PID:14512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        5⤵
        
        PID:17680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
      4⤵
      PID:13108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59423.exe
      4⤵
      PID:16368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
      4⤵
      PID:1040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58527.exe
    3⤵
    PID:10016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
    3⤵
    PID:14440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
      4⤵
      PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56489.exe
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
        6⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40679.exe
        7⤵
        
        PID:15500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
        6⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19491.exe
        6⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        5⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1116.exe
        6⤵
        
        PID:15284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        6⤵
        
        PID:17080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
        5⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
        5⤵
        
        PID:16924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
      4⤵
      PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        5⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        5⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
        5⤵
        
        PID:8884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
      4⤵
      PID:10264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30942.exe
      4⤵
      PID:1788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21107.exe
    3⤵
    PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31601.exe
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        5⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        6⤵
        
        PID:14752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60701.exe
        6⤵
        
        PID:17536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
        5⤵
        
        PID:13684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
      4⤵
      PID:9084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20730.exe
      4⤵
      PID:13760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
      4⤵
      PID:17496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe
    3⤵
    PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20089.exe
      4⤵
      PID:12348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
      4⤵
      PID:17488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23403.exe
    3⤵
    PID:11008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
    3⤵
    PID:16500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
    3⤵
    PID:4184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
    3⤵
    PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27517.exe
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
        6⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        6⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
        5⤵
        
        PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        5⤵
        
        PID:15816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
      4⤵
      PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30037.exe
        5⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        5⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
        5⤵
        
        PID:16068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        5⤵
        
        PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
      4⤵
      PID:12952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
      4⤵
      PID:17836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
    3⤵
    PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
      4⤵
      PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
        5⤵
        
        PID:436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
      4⤵
      PID:15924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
    3⤵
    PID:9928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
    3⤵
    PID:17768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
  2⤵
  PID:5436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
    3⤵
    PID:7704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
      4⤵
      PID:10148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
      4⤵
      PID:17064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
      4⤵
      PID:16064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
    3⤵
    PID:12436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36454.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36454.exe
  2⤵
  PID:6876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
    3⤵
    PID:8604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
    3⤵
    PID:13480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
  2⤵
  PID:9760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
  2⤵
  PID:16120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1668 -ip 1668
1⤵
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2276 -ip 2276
1⤵
PID:3776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3220 -ip 3220
1⤵
PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2356 -ip 2356
1⤵
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3592 -ip 3592
1⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6180 -ip 6180
1⤵
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5692 -ip 5692
1⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6636 -ip 6636
1⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 15916 -ip 15916
1⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 17272 -ip 17272
1⤵
PID:17016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12398.exe

Filesize
468KB

MD5
33433ae47d0013054a618f84596e64ff

SHA1
226af0e3a0ee1624c7d91a5e46aa5e44eb090aab

SHA256
862df6601dc000ea83df3c252e6fa712aa663157dd938e0cc1ab0e341c45b1fe

SHA512
1d2f287f28dc0ecf3d1b570c09ef467989659df9fe05177f6d70245934ad724ed3ccd3823a5f4bc52a123914965a338efd62c9535433386e966fb8e06318a98b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12804.exe

Filesize
468KB

MD5
d23330b4ed4d4e051ac4595c5c3d1a49

SHA1
50e8713918b5bbbeed0e2a8f54c78fc9c9427207

SHA256
5df87d46c4f157750993b89ff84749f47f44c73a452ad26d253dab2d407135dc

SHA512
c2e1cd5c5f2ed413f23fb3e27fc06cfd29cd622e8442893effd57fa182976454998258ec7145d156d3b9a66c5d54f9844ad0a5765c6f60aaf458ed1a4ac0c01b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12923.exe

Filesize
468KB

MD5
58910cf4bd76d239b213d040b2160bf3

SHA1
65b30e208897569b7dee8305f6af9b40e2a5df3c

SHA256
052cf631161537d9490a61aa843b2c6f0149ed84dac1f90b87c14461bcf8f98c

SHA512
1f1603e102ca94b3b9faf90281d9a8fcca69824d2cd533a233c9fa326c30fa1f10841d9d83b5ee84e064c71f98346fe29915697704dd78f065fae9cac1b91bc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14812.exe

Filesize
468KB

MD5
9af9314f765177a740541788665b9ee5

SHA1
ec5199b73dfff75c0eafcc87e28d7ef6e2b24100

SHA256
0f9e45dedb05bdac02d3a4b98dba0707869db43a5a18ec129e4ac9d99094780f

SHA512
b6433381b241be3e887387298571faf9bfc28a24fc5342e826789ae4c355cea6bfafc7f042780dff8f127a6386525e205376b375e85bca92859d7aa707f54b93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe

Filesize
468KB

MD5
08018d9f2926dd0cf3f561a99763501d

SHA1
628caf0df4f2a9b68a5575cf8c9a81bffac38cd6

SHA256
49477db402eae59bc1f2857546e0c29be81dc573d86854a8dfc4c6dc2a04f8ca

SHA512
12c74b505db9ceb8a37ef520348c5fe2d2b64bab41975973d7843ffa3f61f43e8365bd398548be1f60be2bd433384061f8ce19f7dfb875ebb9dd4adfec63fa6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe

Filesize
468KB

MD5
8b0eac36aaa781721b35a7e8515eea20

SHA1
a6861046db7e84df9abb5f3ba62a4fa5627a8145

SHA256
f5b2aaad442938af1e860a5f7350ff74c5dd044aeef4e8bb98d7de9f427d3069

SHA512
301f604716270cf8bb0e50dded59772d1145bba8b0d1f8edd343f6d663a1fc3adabf56018e7501c8776f212d4a1c8d6b47c55d0de4bec5b9cf9b0c7499cae756

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24621.exe

Filesize
468KB

MD5
802c052d3d1e4c25337f1fa8fa00283d

SHA1
8bff88eb65c496b96d63d9f0f0b6b3399b42c5bf

SHA256
19ea4a63276fd8c8f638b1993a78902e75922163f643e5bc42b730e202cd15b0

SHA512
0d85bc933a61d318bfa277f46d1982f688cab8af3260768c37bdca6fb4be51636ef888b67335e828f59013e39f80e4c6614134eb9b6def3a3dc44c75cb211a9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28403.exe

Filesize
468KB

MD5
d05a34e29632e6d2d7fda9c22ccc10a5

SHA1
f9c8fc414a13a3dffd7372aadcea72100a7e5a2c

SHA256
3c58dc80b2f3862278355c3857a9fd960d1418ec6db2ac252bfe7a42a2ce512e

SHA512
4168f08a5e902a3c2ec2e126db87ee0b4d2947bea55d9b9fa8deabd6fda4f651d5d3d9853995581a0bf79da4ae9e9c55d59dd079e5d6ebc3c43cdce33c289e6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe

Filesize
468KB

MD5
dae97b12da4d2048546fc83345b5f642

SHA1
5dc5e4c8257a2e78369b636629921715b04ffcab

SHA256
c88b50fc1ad51c5a2abe15493d0aa775e613457fed01da15efbd5cbb5eddfc5f

SHA512
6f3c18aa06ba32e096ef5d9528440c76dc446162151ff97f4b2ec2ff948839cc6d21c95674fb6144e7c8912c874cd8f46acc82d781225d22831c623ab148223a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe

Filesize
468KB

MD5
dccc907aa41163b5cbb4fb9cace447d7

SHA1
1d60c4ec4a3c3d26823b5517ee389e9f9f9b7a33

SHA256
6759fcd288d66adcea1654c367152f085f4f7404b21ef3da504620c1ad2485a8

SHA512
295ee4c856e73fa15530d20a437f4ca8cbdb82013f3c1ddcb9078825fb3d3936c58f569602acc77e0f72810271d2c9940952927e9660e22a2bc5ecf1564368f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe

Filesize
468KB

MD5
263778f1841e4086e5d65fba7cbace4a

SHA1
07783c5a55e8800d5c6ed446713381ca3347f110

SHA256
93cb8fce59f3646c7ebabda2c0979cfc2bd23f4a4405fcc18d792181d54277ef

SHA512
31fdcf9689214e5851b684350ca6bb1ec28cd4acf049711c9a5a690a6330a28c989ee3b278308cbb2b209ee078e38ff7077569f31c9d82484aeee9c6cb68a00b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe

Filesize
468KB

MD5
3e4d8b3be5b61b085a0828a745a207a4

SHA1
11a4ec12ca92e8b7ad6e3ddf67838f18fb813057

SHA256
7e7bfcc68307f0002b131ee051c0d698fff24caa566b39c276ed238471273f51

SHA512
799f5a3c048d1b37b64a43546b4644ac2c7310bbe8a8c78f61ee62a66eed2eb12b0890f18f95ce6493a72e29320f49af001c7f4eac73f9d239ad3fdee7723903

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe

Filesize
468KB

MD5
3b20926dc76b2f1ab96f2c8cdcd21061

SHA1
de0079c869b2ab38da54d13f887bdd4258e48518

SHA256
e0deb4ae03da39296166ee28ee834895c9ef1900ded5dd5449b68fd41d86cf0c

SHA512
fd597e357c20c07c8c37eb34271a236a04557b8e702f9b8034fdf0f5a8a9bc9ca92485faa5812d4389014d37a2fa4877897ecd7785a0e0ce092c413270e9cde8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe

Filesize
468KB

MD5
5c52d82125bfa84f42b763c391777dc4

SHA1
89a8e75e86eaa45b1a5bd804421e86e6e04273be

SHA256
dfde074d274fac684d458415847aa725027036995e4c61e842139e0ca7de3918

SHA512
877dc2821048423a65d5ff1aa90b88c4705ade38121453693cb5a0d49b4a69607d3b8144054bcfa6213bb1af1c1539090f846a4afeef6c5d70518712b4b8fc3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-412.exe

Filesize
468KB

MD5
60cfcf25a80b6d489913aeb7af55e1f3

SHA1
29734b664991e78cc66ffe3a70ca38ea27562e62

SHA256
01f0604d5282fc3eaac3a5d91f3a5fbf00c70175d82e58b45fcf734884cb7cd5

SHA512
5821a4a36b00db3bbab1795ff5dd35f9ddf6767922610f03d8ff1c61b8d404003d4018505b5a35d20941a0cb051753fdc732a8f7e55befa7682e8b68eb8d7f7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe

Filesize
468KB

MD5
bb7444712fa51edd512c9a7376e4ae61

SHA1
72683def3571b2ff68798604722ece589db2c1e7

SHA256
9210ac3e9f682aac89896d36c929266b2d181bcd0cc71e9af78c53d32ce66c19

SHA512
532057685bbdf7fe54edc99a30fc559144a97512dddb180dc2c59005dd248aec5c19742c2237e6977a39de0656b9d85d0674236a34c870dadb07809bbf3e2615

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42139.exe

Filesize
468KB

MD5
94e6682275a63df7fa379935f2cbddb3

SHA1
940a9015e6486d30e9d3c91f3b056ceb55214c46

SHA256
7ee12e91e5d6e1877640c81e3f9d31432cf4fc31b7efc4afde4bdec681e6f89d

SHA512
0f4bb2d2bbc8a5054caf3c88cc6ad376ad6548fd537f58cacf12b167c3a7c1ec030a6cd25b5a879cf592f0ba64fb14310bd377377a7efa013ba3b389dafe0e0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe

Filesize
468KB

MD5
3e5d1afbc9a87da38faed4406c492802

SHA1
c516324dfdd121b79b2a3cda8d85e150c65d84a3

SHA256
4c35c4995e7cec634b5049c4a44db6c3a4eee6bea1feb94611955a3daa5fadc1

SHA512
2794e03ecd1c154a973345c41d2c60441655dbba357a50c4f5d9a81cb564fa62ea67c3c7678c7530ceaa55cb7807aab45a2beef7e97c1c18a42834655f573f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe

Filesize
468KB

MD5
ae9bf89e24062fde1e73f73749a0f32f

SHA1
4a6f82231b3e28aeb0b064c72b480dab8a9bb52d

SHA256
efe60270773ca805acddec18c0942b4332c9885fa0428e6ccc44f505e7a49be8

SHA512
243fcd699ea35abe98a0049763d8cfa847923b9a0568f3cf120ca4bc5c6a9b3f974cb2b0bdc73ca02c6f53fa78523164bdedddb0947843bce12c721533ee2107

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe

Filesize
468KB

MD5
d680083ae458fee8aa986c99b98dba07

SHA1
175d80ee8840c8796377ef7d5c47b13080185f96

SHA256
6cd1fa5869b0dd61716859887554631095a316e2c2bce0cda0c75d618ccac9a7

SHA512
9944622316231aa4377c6ca1b7743f1952db0d5b474dc4ae4ab0012b9543914c9ed31e207a370047d3810205e7e8adebad86a42e57e4cd58e06d97c866303f0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe

Filesize
468KB

MD5
b18ae398ff044a931a6627b3ce119b37

SHA1
b32046d1a8210cff49db75821c6cf70cb22255c3

SHA256
a976405efd660a947c3ebaa3ae03bd3ff45a80b0aa9b20a65fae4361604a13b4

SHA512
96a6452dac20f73cf1f874917779a3961e5ba1fdb96bff9897875dff6b0ad52489f6444375560573a4e2ce4b58b20083fb7887b6b00102abb0d5fcd9db115620

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48004.exe

Filesize
468KB

MD5
14b25f9d5a91a481213174a051d3f85e

SHA1
071d88986dbbf3c9b3db1d186ece86649963bc9d

SHA256
461d43ee5592f897853bc9ae3bbf07ff0c4f724555e54414fa320af2bcc02180

SHA512
a5d5c134e6724a558b2552e8e6cf1843d051644a5dc35b3c90ada0bffa8fd414f4ee2c8b3c909b7835bff97feabec75589299be9feabc07cbf8f3a622142631e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe

Filesize
468KB

MD5
0a6932db21da37c2c26d868920b94efd

SHA1
12c5c876cfeedf855b19789b60227e0ae73dc2ab

SHA256
abb624020a3754c8ab468398431f78e73e53425c838e3397482536f648b16582

SHA512
1be8532c9c1f33a15fb760eaebc9e7064223518e2cd05e11c61db4440c6d000b6ee14978e1d8f4d16e361e35f4dc7107255588fd1566351cbc4c0241b89a0b4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe

Filesize
468KB

MD5
2a5ea7bffea62c7ada5f694dc4183d8c

SHA1
be8b4b0edbb2d4a4f052ca77e0ace7b866dc2440

SHA256
9ffc575cc96e0c86ec91a42eb26aa0c23db86e5e5d8955a4a6d75688709dca8d

SHA512
d393636c643eb5eed4f8d06c00ca8605e55d37f1e4ceb5001fd089b61a27c01c2008042418c3d750eaf5fb19434906dc8cd11a8d25e645ea0e7d9df10d892c1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53505.exe

Filesize
468KB

MD5
f86ce0ab8e496d45b47d55fbfa617733

SHA1
0bd58d04f2457f6a774036c64e529fa9aeebb90f

SHA256
46e570f0191848e0bf1517368564145d62bf3b218612cf814511670c2127e3b3

SHA512
8bf56ac9e3777ded9c15487e3a02922c85fd0171b6c71d7b81b5a6397d750ab90a276678898ca3da6a0889b2b3195d7bc11452d05c7d55005c07c4539834656c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe

Filesize
468KB

MD5
6e122cc8f5f1f991fac18c8ff3123e94

SHA1
5fc4832c2cc38d839e0df564464d812a18ceb206

SHA256
f9d1543fb25a2085d6c2c9b143b12e57780a7c38e5aec1bec33bfe5627595aad

SHA512
1923af5cff1771a55a22c91688af7bd441ff05a190217d83acd2ca2a65c93f429545b06f06c7075db2515f0b078258b48dee92b962918b903421b0a3f7af110d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe

Filesize
468KB

MD5
1f1a2616affdaf205caab1c4ba035894

SHA1
bebeb0fe8817ca079b9a3e96c85182dac46eee7e

SHA256
e9ecd48c1fc0681297235aea6de02dd6eaae3a0f6908d65ad5c773fc39653b10

SHA512
8f3fc74824431b7325d5f9427bfe828c25e0eeaabc78b60ca025254ca6c0d5d41003e800dc3accee24a5557d65e0e8f2eeb8c26f3e774260ac18e4fae920a2a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe

Filesize
468KB

MD5
8408d5ede6065a7d3174a4108dc0dd31

SHA1
ac18d08223500ec4e34eafe38f289e227d5d86de

SHA256
d55714925402c083cad9e899585b08c860219cf8376a1c43211e29d582720978

SHA512
f2ac5e119c532f2020ff45c50dae96b75c4fdb33364323fbba44f2194eee59390220650752840870eb83195fc89c5031de3e1bbc16425fb4fd0612163e6e733a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe

Filesize
468KB

MD5
8644c2cd4756d0d3d52f08406dda39f3

SHA1
37866f464f8b3914b84785aa4dfeeb33826fc97a

SHA256
77b6831b13861a608c40d4f2e9602adc39875e3c31945ecaeb95ee4e6eb92664

SHA512
a2a59c3bacf74bb62c9d56eec7bf64beda97d97bade63df850ee182d5b23f9b1a3f390deaa83b7650e4e4a75fa53b7e5f53092832de39b652fdddd134facdcfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe

Filesize
468KB

MD5
29ca7415a821dc1da04f2f2aed25f5cf

SHA1
8f35bdcc9a809b337539966757c7bff93a1ee454

SHA256
25ac77a6009cd84bd7de333e3db135564b5daf3ad74889772f9cef695181cbaa

SHA512
40cda335bb5976824238601c690741891e6f33fe97558f5b53668b793d761ce28a1122ce5112b87a5808752de198b9b557fb5f0736fc26a3f836d2b2773f2712

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe

Filesize
468KB

MD5
6cf45df9b3baa8326f2efedd6a41f45f

SHA1
dbff5294daa0a2a11463484258ce72449c1b13f1

SHA256
c70fbe5e39e751a36538624476fe70cb196a6aa02a15af3d095873b6c4ace7d8

SHA512
78edb2e29ec3555b126c8b29134f5764a6688f18870a9862b03383eea9122fe01668339fa6fa89d4d1dfba0fbfd888dc4b7b2076b3490cf31a9d0b4c1c514e03

Download Submit
memory/1860-2527-0x0000000074F00000-0x0000000074FDB000-memory.dmp

Filesize
876KB

Download
memory/1860-2744-0x00000000761D0000-0x00000000762A3000-memory.dmp

Filesize
844KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads