0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7

Analysis

max time kernel
146s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7_NeikiAnalytics.exe
Size

184KB
MD5

ba62cf0e658faf6ff01a6ae4279a0f30
SHA1

cfff57ea66141b9d3b52f0a1ce3df22dc39f7037
SHA256

0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7
SHA512

dbdb8218c9c26a2bd43fa52e58e4759b2224729077cbfb83b375fd391c35ce48444d48d0cd5d20c7804bdc19d0b0cb37cb4d18100f2d7adfef4b3fad76c03118
SSDEEP

3072:LIbRfJo09+q+EILOWjuQvNVSlvnqnviu:LILosrILUQ1VSlPqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2736	Unicorn-20887.exe
456	Unicorn-46543.exe
4080	Unicorn-25608.exe
4292	Unicorn-8463.exe
4188	Unicorn-52511.exe
448	Unicorn-23822.exe
4608	Unicorn-10087.exe
1212	Unicorn-39081.exe
4308	Unicorn-27383.exe
4128	Unicorn-29844.exe
4132	Unicorn-9423.exe
116	Unicorn-47341.exe
3204	Unicorn-52137.exe
2936	Unicorn-32536.exe
1252	Unicorn-34757.exe
4328	Unicorn-42179.exe
3236	Unicorn-1893.exe
2868	Unicorn-48977.exe
2324	Unicorn-5021.exe
1892	Unicorn-21266.exe
4872	Unicorn-47908.exe
4260	Unicorn-40617.exe
1912	Unicorn-20751.exe
1784	Unicorn-9128.exe
3480	Unicorn-63730.exe
3832	Unicorn-9890.exe
1076	Unicorn-52604.exe
3192	Unicorn-11928.exe
2892	Unicorn-13272.exe
2792	Unicorn-15318.exe
3284	Unicorn-12858.exe
3936	Unicorn-65396.exe
1608	Unicorn-17356.exe
4952	Unicorn-8582.exe
2476	Unicorn-28448.exe
4376	Unicorn-32532.exe
3812	Unicorn-24918.exe
4316	Unicorn-48603.exe
1392	Unicorn-17649.exe
2000	Unicorn-46984.exe
3880	Unicorn-1120.exe
2508	Unicorn-42464.exe
4700	Unicorn-42729.exe
2960	Unicorn-63456.exe
4356	Unicorn-6849.exe
1792	Unicorn-50897.exe
2232	Unicorn-57119.exe
4092	Unicorn-37253.exe
2236	Unicorn-18779.exe
2544	Unicorn-56050.exe
4548	Unicorn-65287.exe
1564	Unicorn-65287.exe
3276	Unicorn-55950.exe
1620	Unicorn-36614.exe
4488	Unicorn-65479.exe
1516	Unicorn-17348.exe
5056	Unicorn-17348.exe
3964	Unicorn-47560.exe
816	Unicorn-49755.exe
5036	Unicorn-43890.exe
2652	Unicorn-36952.exe
2852	Unicorn-518.exe
3304	Unicorn-1395.exe
3716	Unicorn-46512.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
3856	1252	WerFault.exe	107
4364	3936	WerFault.exe	126
1180	2852	WerFault.exe	158
12444	4340	WerFault.exe	280
14164	6596	WerFault.exe	286
18136	2004	WerFault.exe	846

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3960	0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7_NeikiAnalytics.exe
2736	Unicorn-20887.exe
456	Unicorn-46543.exe
4080	Unicorn-25608.exe
4292	Unicorn-8463.exe
448	Unicorn-23822.exe
4188	Unicorn-52511.exe
4608	Unicorn-10087.exe
1212	Unicorn-39081.exe
4308	Unicorn-27383.exe
4128	Unicorn-29844.exe
3204	Unicorn-52137.exe
2936	Unicorn-32536.exe
116	Unicorn-47341.exe
4132	Unicorn-9423.exe
1252	Unicorn-34757.exe
4328	Unicorn-42179.exe
3236	Unicorn-1893.exe
2868	Unicorn-48977.exe
2324	Unicorn-5021.exe
1892	Unicorn-21266.exe
4872	Unicorn-47908.exe
1076	Unicorn-52604.exe
3192	Unicorn-11928.exe
4260	Unicorn-40617.exe
1912	Unicorn-20751.exe
3832	Unicorn-9890.exe
1784	Unicorn-9128.exe
3480	Unicorn-63730.exe
2792	Unicorn-15318.exe
2892	Unicorn-13272.exe
3284	Unicorn-12858.exe
3936	Unicorn-65396.exe
1608	Unicorn-17356.exe
2476	Unicorn-28448.exe
4952	Unicorn-8582.exe
4376	Unicorn-32532.exe
3812	Unicorn-24918.exe
4316	Unicorn-48603.exe
1392	Unicorn-17649.exe
2000	Unicorn-46984.exe
4700	Unicorn-42729.exe
2508	Unicorn-42464.exe
4356	Unicorn-6849.exe
2960	Unicorn-63456.exe
1792	Unicorn-50897.exe
4548	Unicorn-65287.exe
2236	Unicorn-18779.exe
1564	Unicorn-65287.exe
2232	Unicorn-57119.exe
2544	Unicorn-56050.exe
1620	Unicorn-36614.exe
3276	Unicorn-55950.exe
4092	Unicorn-37253.exe
1516	Unicorn-17348.exe
4488	Unicorn-65479.exe
5056	Unicorn-17348.exe
3964	Unicorn-47560.exe
816	Unicorn-49755.exe
5036	Unicorn-43890.exe
2652	Unicorn-36952.exe
2852	Unicorn-518.exe
3716	Unicorn-46512.exe
4932	Unicorn-8494.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 2736	3960	0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7_NeikiAnalytics.exe	88
PID 3960 wrote to memory of 2736	3960	0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7_NeikiAnalytics.exe	88
PID 3960 wrote to memory of 2736	3960	0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7_NeikiAnalytics.exe	88
PID 2736 wrote to memory of 456	2736	Unicorn-20887.exe	91
PID 2736 wrote to memory of 456	2736	Unicorn-20887.exe	91
PID 2736 wrote to memory of 456	2736	Unicorn-20887.exe	91
PID 3960 wrote to memory of 4080	3960	0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7_NeikiAnalytics.exe	92
PID 3960 wrote to memory of 4080	3960	0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7_NeikiAnalytics.exe	92
PID 3960 wrote to memory of 4080	3960	0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7_NeikiAnalytics.exe	92
PID 456 wrote to memory of 4292	456	Unicorn-46543.exe	94
PID 456 wrote to memory of 4292	456	Unicorn-46543.exe	94
PID 456 wrote to memory of 4292	456	Unicorn-46543.exe	94
PID 4080 wrote to memory of 4188	4080	Unicorn-25608.exe	95
PID 4080 wrote to memory of 4188	4080	Unicorn-25608.exe	95
PID 4080 wrote to memory of 4188	4080	Unicorn-25608.exe	95
PID 3960 wrote to memory of 448	3960	0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7_NeikiAnalytics.exe	96
PID 3960 wrote to memory of 448	3960	0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7_NeikiAnalytics.exe	96
PID 3960 wrote to memory of 448	3960	0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7_NeikiAnalytics.exe	96
PID 2736 wrote to memory of 4608	2736	Unicorn-20887.exe	97
PID 2736 wrote to memory of 4608	2736	Unicorn-20887.exe	97
PID 2736 wrote to memory of 4608	2736	Unicorn-20887.exe	97
PID 4292 wrote to memory of 1212	4292	Unicorn-8463.exe	100
PID 4292 wrote to memory of 1212	4292	Unicorn-8463.exe	100
PID 4292 wrote to memory of 1212	4292	Unicorn-8463.exe	100
PID 456 wrote to memory of 4308	456	Unicorn-46543.exe	101
PID 456 wrote to memory of 4308	456	Unicorn-46543.exe	101
PID 456 wrote to memory of 4308	456	Unicorn-46543.exe	101
PID 4608 wrote to memory of 4128	4608	Unicorn-10087.exe	102
PID 4608 wrote to memory of 4128	4608	Unicorn-10087.exe	102
PID 4608 wrote to memory of 4128	4608	Unicorn-10087.exe	102
PID 448 wrote to memory of 4132	448	Unicorn-23822.exe	103
PID 448 wrote to memory of 4132	448	Unicorn-23822.exe	103
PID 448 wrote to memory of 4132	448	Unicorn-23822.exe	103
PID 2736 wrote to memory of 116	2736	Unicorn-20887.exe	104
PID 2736 wrote to memory of 116	2736	Unicorn-20887.exe	104
PID 2736 wrote to memory of 116	2736	Unicorn-20887.exe	104
PID 3960 wrote to memory of 3204	3960	0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7_NeikiAnalytics.exe	105
PID 3960 wrote to memory of 3204	3960	0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7_NeikiAnalytics.exe	105
PID 3960 wrote to memory of 3204	3960	0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7_NeikiAnalytics.exe	105
PID 4080 wrote to memory of 2936	4080	Unicorn-25608.exe	106
PID 4080 wrote to memory of 2936	4080	Unicorn-25608.exe	106
PID 4080 wrote to memory of 2936	4080	Unicorn-25608.exe	106
PID 4188 wrote to memory of 1252	4188	Unicorn-52511.exe	107
PID 4188 wrote to memory of 1252	4188	Unicorn-52511.exe	107
PID 4188 wrote to memory of 1252	4188	Unicorn-52511.exe	107
PID 1212 wrote to memory of 4328	1212	Unicorn-39081.exe	108
PID 1212 wrote to memory of 4328	1212	Unicorn-39081.exe	108
PID 1212 wrote to memory of 4328	1212	Unicorn-39081.exe	108
PID 4292 wrote to memory of 3236	4292	Unicorn-8463.exe	109
PID 4292 wrote to memory of 3236	4292	Unicorn-8463.exe	109
PID 4292 wrote to memory of 3236	4292	Unicorn-8463.exe	109
PID 4308 wrote to memory of 2868	4308	Unicorn-27383.exe	110
PID 4308 wrote to memory of 2868	4308	Unicorn-27383.exe	110
PID 4308 wrote to memory of 2868	4308	Unicorn-27383.exe	110
PID 456 wrote to memory of 2324	456	Unicorn-46543.exe	111
PID 456 wrote to memory of 2324	456	Unicorn-46543.exe	111
PID 456 wrote to memory of 2324	456	Unicorn-46543.exe	111
PID 4128 wrote to memory of 1892	4128	Unicorn-29844.exe	112
PID 4128 wrote to memory of 1892	4128	Unicorn-29844.exe	112
PID 4128 wrote to memory of 1892	4128	Unicorn-29844.exe	112
PID 116 wrote to memory of 4872	116	Unicorn-47341.exe	113
PID 116 wrote to memory of 4872	116	Unicorn-47341.exe	113
PID 116 wrote to memory of 4872	116	Unicorn-47341.exe	113
PID 2936 wrote to memory of 4260	2936	Unicorn-32536.exe	114

C:\Users\Admin\AppData\Local\Temp\0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0a8599a299bf7ca0967f2832079ccb89a01fa6a5c914996416c7b7ac3d57e0c7_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42179.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15318.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17348.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
        9⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
        10⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        10⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        10⤵
        
        PID:12716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        10⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
        9⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
        10⤵
        
        PID:17280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
        9⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36969.exe
        9⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        9⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53528.exe
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        9⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
        9⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
        9⤵
        
        PID:15344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60403.exe
        9⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54897.exe
        8⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5581.exe
        9⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
        9⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
        8⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        8⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25538.exe
        8⤵
        
        PID:17100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        8⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47560.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36829.exe
        8⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
        9⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        10⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
        10⤵
        
        PID:13780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        10⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        9⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        9⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        9⤵
        
        PID:16016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        9⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        8⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
        9⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63854.exe
        9⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        8⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52236.exe
        8⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        8⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
        8⤵
        
        PID:16428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27337.exe
        8⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        8⤵
        
        PID:17984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        8⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59657.exe
        9⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24135.exe
        9⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55477.exe
        9⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-849.exe
        9⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
        9⤵
        
        PID:17664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        8⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-896.exe
        8⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        8⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52894.exe
        8⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11514.exe
        7⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
        8⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
        8⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19539.exe
        8⤵
        
        PID:18068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22811.exe
        7⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        7⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        7⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17348.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16466.exe
        9⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
        10⤵
        
        PID:12632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25922.exe
        11⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44403.exe
        10⤵
        
        PID:15712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        10⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24005.exe
        9⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
        9⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        9⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
        8⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        8⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        8⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        8⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
        8⤵
        
        PID:16940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36807.exe
        7⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5967.exe
        8⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34821.exe
        9⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
        9⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        9⤵
        
        PID:18316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        8⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        8⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-989.exe
        7⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
        8⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
        8⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        8⤵
        
        PID:17920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
        7⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17497.exe
        7⤵
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7409.exe
        7⤵
        
        PID:16696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        8⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        9⤵
        
        PID:17848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22306.exe
        9⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        9⤵
        
        PID:18044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37012.exe
        9⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        8⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        8⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58410.exe
        8⤵
        
        PID:17056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
        8⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
        8⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
        7⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17093.exe
        7⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
        7⤵
        
        PID:14224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5227.exe
        7⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
        8⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        8⤵
        
        PID:13852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        8⤵
        
        PID:17204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30148.exe
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
        7⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        7⤵
        
        PID:15484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
        7⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        6⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        7⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        7⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11428.exe
        6⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49578.exe
        6⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
        6⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1893.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 720
        7⤵
        Program crash
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        7⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        8⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57192.exe
        8⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        8⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
        8⤵
        
        PID:16904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7809.exe
        8⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
        8⤵
        
        PID:15320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62789.exe
        8⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17093.exe
        7⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        7⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        7⤵
        
        PID:17220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
        7⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1726.exe
        6⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
        8⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        8⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
        8⤵
        
        PID:17288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        7⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62659.exe
        7⤵
        
        PID:14448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
        7⤵
        
        PID:18136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26820.exe
        7⤵
        
        PID:18332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50471.exe
        7⤵
        
        PID:17948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
        6⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        7⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        7⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        7⤵
        
        PID:17608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47071.exe
        6⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        6⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17356.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 720
        7⤵
        Program crash
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        6⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
        7⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8244.exe
        7⤵
        
        PID:13692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
        7⤵
        
        PID:17036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39438.exe
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        7⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        7⤵
        
        PID:18112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
        6⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
        6⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        6⤵
        
        PID:14316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49658.exe
        6⤵
        
        PID:16800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
        6⤵
        
        PID:18184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
        6⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        6⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
        5⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
        7⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        7⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
        7⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1965.exe
        7⤵
        
        PID:17284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
        6⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        6⤵
        
        PID:10752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        6⤵
        
        PID:14740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        6⤵
        
        PID:17208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        6⤵
        
        PID:18072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16798.exe
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        6⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59024.exe
        7⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19898.exe
        7⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26529.exe
        7⤵
        
        PID:17452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        6⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58410.exe
        6⤵
        
        PID:17080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31368.exe
        5⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
        5⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57655.exe
        5⤵
        
        PID:13368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9132.exe
        5⤵
        
        PID:16760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48977.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28448.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        7⤵
        Executes dropped EXE
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
        7⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56258.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23258.exe
        8⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        8⤵
        
        PID:14012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        8⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5841.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        7⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
        7⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11833.exe
        7⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18183.exe
        7⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
        6⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22029.exe
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
        8⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23258.exe
        8⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        8⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        8⤵
        
        PID:16456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
        7⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        7⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39096.exe
        7⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52833.exe
        7⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        7⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27932.exe
        7⤵
        
        PID:15788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        6⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3633.exe
        6⤵
        
        PID:11924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        6⤵
        
        PID:14684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
        6⤵
        
        PID:16744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24918.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        6⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
        7⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34852.exe
        8⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54355.exe
        8⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
        8⤵
        
        PID:17576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32199.exe
        7⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59380.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-896.exe
        7⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        7⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        7⤵
        
        PID:17552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33066.exe
        7⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2438.exe
        6⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4208.exe
        7⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9665.exe
        8⤵
        
        PID:17872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9586.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        7⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        7⤵
        
        PID:15868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55909.exe
        7⤵
        
        PID:18192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40544.exe
        7⤵
        
        PID:18148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45333.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12298.exe
        6⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
        6⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56439.exe
        6⤵
        
        PID:18160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        6⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
        5⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43207.exe
        7⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        7⤵
        
        PID:15176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
        7⤵
        
        PID:17340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
        7⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        6⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
        6⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5401.exe
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20431.exe
        6⤵
        
        PID:11892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        6⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
        6⤵
        
        PID:17364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39902.exe
        5⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58556.exe
        5⤵
        
        PID:13192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
        5⤵
        
        PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5021.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30306.exe
        7⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
        8⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53413.exe
        8⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
        8⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8187.exe
        8⤵
        
        PID:17308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
        7⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        7⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
        7⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5466.exe
        7⤵
        
        PID:17300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        7⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-835.exe
        7⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
        7⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        7⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40974.exe
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11037.exe
        6⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        6⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe
        6⤵
        
        PID:17612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17819.exe
        6⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18302.exe
        6⤵
        
        PID:17428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
        5⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        6⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50290.exe
        7⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        7⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
        7⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14584.exe
        7⤵
        
        PID:15448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        6⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
        6⤵
        
        PID:11260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17420.exe
        6⤵
        
        PID:17632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        5⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50695.exe
        6⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
        6⤵
        
        PID:12284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        6⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3531.exe
        6⤵
        
        PID:14988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30000.exe
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
        5⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
        5⤵
        
        PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
        5⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
        6⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        7⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        7⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        7⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11753.exe
        6⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
        7⤵
        
        PID:18120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        6⤵
        
        PID:12788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        6⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
        5⤵
        
        PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        5⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        5⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20143.exe
        5⤵
        
        PID:15576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
        5⤵
        
        PID:18412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47696.exe
      4⤵
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61795.exe
        6⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55359.exe
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        6⤵
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31412.exe
        6⤵
        
        PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
        5⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
        6⤵
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        5⤵
        
        PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        5⤵
        
        PID:14212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
        5⤵
        
        PID:16392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10377.exe
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32055.exe
        5⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22686.exe
        5⤵
        
        PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        5⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
        5⤵
        
        PID:17172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48434.exe
      4⤵
      PID:8264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52170.exe
      4⤵
      PID:9912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
      4⤵
      PID:15208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38267.exe
      4⤵
      PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31603.exe
      4⤵
      PID:18164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10087.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
        7⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
        8⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46964.exe
        9⤵
        
        PID:12576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
        9⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29158.exe
        8⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        8⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        8⤵
        
        PID:15388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59927.exe
        8⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        8⤵
        
        PID:13876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        8⤵
        
        PID:18228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60844.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
        7⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4676.exe
        7⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        7⤵
        
        PID:15780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9049.exe
        6⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
        7⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        8⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
        8⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5941.exe
        8⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
        8⤵
        
        PID:16652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
        7⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29175.exe
        8⤵
        
        PID:12684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
        8⤵
        
        PID:15744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58325.exe
        8⤵
        
        PID:17672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20116.exe
        8⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9126.exe
        7⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        7⤵
        
        PID:14276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
        7⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
        7⤵
        
        PID:16924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
        7⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        7⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12690.exe
        7⤵
        
        PID:14452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58410.exe
        7⤵
        
        PID:17068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        7⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
        6⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
        6⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
        6⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46984.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        6⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
        7⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1712.exe
        8⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        8⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26910.exe
        8⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        8⤵
        
        PID:16448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19418.exe
        8⤵
        
        PID:18384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12193.exe
        7⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
        8⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59644.exe
        8⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        7⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53994.exe
        7⤵
        
        PID:14180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43867.exe
        7⤵
        
        PID:11552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        6⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28801.exe
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
        8⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        8⤵
        
        PID:14636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55609.exe
        7⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21317.exe
        7⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5919.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        7⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
        6⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        7⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
        7⤵
        
        PID:15496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17210.exe
        7⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15725.exe
        6⤵
        
        PID:16952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48358.exe
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25921.exe
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34852.exe
        7⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
        7⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45804.exe
        7⤵
        
        PID:14640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24412.exe
        7⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
        6⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        6⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31217.exe
        6⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34852.exe
        6⤵
        
        PID:8788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52698.exe
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        6⤵
        
        PID:15856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        5⤵
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        5⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17420.exe
        5⤵
        
        PID:17504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        6⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
        7⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        7⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        7⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        6⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        6⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31705.exe
        6⤵
        
        PID:18232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11577.exe
        6⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61757.exe
        5⤵
        
        PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
        5⤵
        
        PID:9904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43571.exe
        5⤵
        
        PID:13640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
        5⤵
        
        PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
      4⤵
      PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38832.exe
        5⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        6⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        6⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        6⤵
        
        PID:16436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        5⤵
        
        PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        5⤵
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5919.exe
        5⤵
        
        PID:15896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
      4⤵
      PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
        5⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        5⤵
        
        PID:8044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
      4⤵
      PID:9276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
      4⤵
      PID:13184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
      4⤵
      PID:15528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51946.exe
      4⤵
      PID:6376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61133.exe
      4⤵
      PID:18084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47908.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6849.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58640.exe
        8⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54325.exe
        8⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        8⤵
        
        PID:18200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        7⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        7⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        7⤵
        
        PID:15864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        7⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        7⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        7⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38235.exe
        6⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11474.exe
        6⤵
        
        PID:13860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        6⤵
        
        PID:16892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48645.exe
        6⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 724
        7⤵
        Program crash
        
        PID:14164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11561.exe
        6⤵
        
        PID:9500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47056.exe
        6⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
        6⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        5⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22392.exe
        5⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe
        5⤵
        
        PID:13544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        5⤵
        
        PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52141.exe
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        6⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        6⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        6⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7698.exe
        6⤵
        
        PID:18124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
        6⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57938.exe
        6⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19210.exe
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
        5⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35019.exe
        5⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38951.exe
        5⤵
        
        PID:17600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
      4⤵
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12210.exe
        5⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9631.exe
        6⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        6⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        5⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        5⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56878.exe
        5⤵
        
        PID:16664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        5⤵
        
        PID:8324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
      4⤵
      PID:8688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
      4⤵
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
      4⤵
      PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17420.exe
      4⤵
      PID:17568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
      4⤵
      PID:7176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
      4⤵
      PID:18204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52604.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42729.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54675.exe
        6⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
        7⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62789.exe
        7⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
        7⤵
        
        PID:17860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        6⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        6⤵
        
        PID:16024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
        6⤵
        
        PID:18200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57752.exe
        5⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
        5⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52236.exe
        5⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
        5⤵
        
        PID:14916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57150.exe
        5⤵
        
        PID:16912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        5⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
        5⤵
        
        PID:6760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29853.exe
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        5⤵
        
        PID:4340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 632
        6⤵
        Program crash
        
        PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exe
        5⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28809.exe
        5⤵
        
        PID:15568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28508.exe
      4⤵
      PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19308.exe
        5⤵
        
        PID:17580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
      4⤵
      PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38911.exe
      4⤵
      PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58403.exe
        5⤵
        
        PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
      4⤵
      PID:15832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63456.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        5⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
        6⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        6⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        6⤵
        
        PID:15840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55909.exe
        6⤵
        
        PID:18072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
        6⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        5⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        5⤵
        
        PID:11668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        5⤵
        
        PID:15848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
      4⤵
      PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        5⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
        5⤵
        
        PID:16888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
      4⤵
      PID:9964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
      4⤵
      PID:13336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5919.exe
      4⤵
      PID:4784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45405.exe
    3⤵
    PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20467.exe
      4⤵
      PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
        5⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57358.exe
        5⤵
        
        PID:11620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        5⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32665.exe
        5⤵
        
        PID:17576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
      4⤵
      PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
      4⤵
      PID:11828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
      4⤵
      PID:15888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
      4⤵
      PID:17764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17494.exe
    3⤵
    PID:6956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53295.exe
      4⤵
      PID:13140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
      4⤵
      PID:15908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
    3⤵
    PID:8724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
    3⤵
    PID:12780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45563.exe
    3⤵
    PID:15072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14699.exe
    3⤵
    PID:18152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 720
        5⤵
        Program crash
        
        PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13272.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        7⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
        8⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49849.exe
        8⤵
        
        PID:14028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        8⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        7⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37323.exe
        7⤵
        
        PID:15308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
        6⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        7⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        7⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        7⤵
        
        PID:16648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3807.exe
        6⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        6⤵
        
        PID:15536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61011.exe
        6⤵
        
        PID:18372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
        6⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        6⤵
        
        PID:18184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
        6⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        7⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        7⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        7⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
        6⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44835.exe
        6⤵
        
        PID:12468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63235.exe
        6⤵
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
        6⤵
        
        PID:17624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3767.exe
        6⤵
        
        PID:18048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54274.exe
        5⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
        6⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43328.exe
        6⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9573.exe
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        5⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52723.exe
        5⤵
        
        PID:17248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56673.exe
        5⤵
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26279.exe
        6⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        7⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11561.exe
        6⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        6⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
        6⤵
        
        PID:16420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
        5⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39244.exe
        6⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9126.exe
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        5⤵
        
        PID:14312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        5⤵
        
        PID:14368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
        5⤵
        
        PID:16932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3010.exe
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
        5⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        6⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        6⤵
        
        PID:15216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        6⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33818.exe
        5⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
        5⤵
        
        PID:13412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13707.exe
        5⤵
        
        PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18841.exe
      4⤵
      PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        5⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
        5⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36583.exe
        5⤵
        
        PID:17376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
      4⤵
      PID:10316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
      4⤵
      PID:13684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
      4⤵
      PID:16564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23332.exe
      4⤵
      PID:18300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
      4⤵
      PID:8600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32536.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57119.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12433.exe
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        7⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
        8⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        7⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        7⤵
        
        PID:15364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        7⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29547.exe
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42452.exe
        7⤵
        
        PID:16748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37706.exe
        6⤵
        
        PID:10644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63197.exe
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
        6⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        6⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
        7⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        7⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        7⤵
        
        PID:17116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10793.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11586.exe
        6⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46323.exe
        6⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60403.exe
        6⤵
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20532.exe
        5⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
        6⤵
        
        PID:12168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        6⤵
        
        PID:15812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        6⤵
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        6⤵
        
        PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51483.exe
        5⤵
        
        PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        5⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
        5⤵
        
        PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18779.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
        6⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11167.exe
        7⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18694.exe
        7⤵
        
        PID:17152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25675.exe
        7⤵
        
        PID:17168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
        6⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        6⤵
        
        PID:15140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40538.exe
        5⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
        6⤵
        
        PID:12652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41496.exe
        6⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
        6⤵
        
        PID:18100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53687.exe
        6⤵
        
        PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
        5⤵
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41441.exe
        5⤵
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45211.exe
        5⤵
        
        PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
      4⤵
      PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
        5⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48033.exe
        6⤵
        
        PID:11528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43115.exe
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17458.exe
        6⤵
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32365.exe
        5⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        5⤵
        
        PID:12768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        5⤵
        
        PID:16000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59308.exe
        5⤵
        
        PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16475.exe
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        5⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
        5⤵
        
        PID:15608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-79.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-79.exe
        5⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
        5⤵
        
        PID:16800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12505.exe
      4⤵
      PID:10620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63727.exe
      4⤵
      PID:14100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14083.exe
      4⤵
      PID:16404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11928.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
      4⤵
      Executes dropped EXE
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe
        6⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        6⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        6⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3531.exe
        6⤵
        
        PID:16436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32665.exe
        6⤵
        
        PID:18344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-435.exe
        6⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60186.exe
        5⤵
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        5⤵
        
        PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44185.exe
        5⤵
        
        PID:14820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60403.exe
        5⤵
        
        PID:15564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4689.exe
      4⤵
      PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24899.exe
        5⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
        5⤵
        
        PID:14200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        5⤵
        
        PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
      4⤵
      PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
      4⤵
      PID:13424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
      4⤵
      PID:15820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51448.exe
      4⤵
      PID:17812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
      4⤵
      PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
        5⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        6⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        6⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        6⤵
        
        PID:17240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        5⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        5⤵
        
        PID:12804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        5⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
        5⤵
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33943.exe
        5⤵
        
        PID:17988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
      4⤵
      PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
        5⤵
        
        PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        5⤵
        
        PID:15196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
        5⤵
        
        PID:17296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        5⤵
        
        PID:17632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        5⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32547.exe
        5⤵
        
        PID:18308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
      4⤵
      PID:10116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
      4⤵
      PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
      4⤵
      PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
      4⤵
      PID:17380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9725.exe
    3⤵
    PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
        5⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
        5⤵
        
        PID:15124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
        5⤵
        
        PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32365.exe
      4⤵
      PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
      4⤵
      PID:12760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
      4⤵
      PID:15404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56812.exe
    3⤵
    PID:7452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
    3⤵
    PID:10020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22570.exe
    3⤵
    PID:13624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61649.exe
    3⤵
    PID:15552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
    3⤵
    PID:6516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
    3⤵
    PID:18348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9423.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9890.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28770.exe
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56237.exe
        7⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        8⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        8⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
        8⤵
        
        PID:17324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        7⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        7⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63235.exe
        7⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        7⤵
        
        PID:18164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40538.exe
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10324.exe
        7⤵
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
        7⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47554.exe
        6⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
        6⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        6⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 436
        7⤵
        Program crash
        
        PID:18136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59500.exe
        6⤵
        
        PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63258.exe
        5⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        6⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4208.exe
        7⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        7⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
        7⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3531.exe
        7⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64384.exe
        7⤵
        
        PID:18068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        6⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        6⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19266.exe
        6⤵
        
        PID:15796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
        6⤵
        
        PID:17296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44160.exe
        5⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63217.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15647.exe
        6⤵
        
        PID:17872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        6⤵
        
        PID:18420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        5⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        5⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        5⤵
        
        PID:15624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        5⤵
        
        PID:18220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37253.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1058.exe
        5⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26968.exe
        5⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
        6⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39786.exe
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        6⤵
        
        PID:13928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        6⤵
        
        PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
        5⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10765.exe
        6⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
        6⤵
        
        PID:18284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17093.exe
        5⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
        5⤵
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17370.exe
        5⤵
        
        PID:17024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64549.exe
      4⤵
      PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
        5⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59024.exe
        6⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        6⤵
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        5⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        6⤵
        
        PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        5⤵
        
        PID:12708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        5⤵
        
        PID:16008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20279.exe
        5⤵
        
        PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
      4⤵
      PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        5⤵
        
        PID:18100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19756.exe
      4⤵
      PID:9800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27035.exe
      4⤵
      PID:13664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
      4⤵
      PID:15828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23713.exe
      4⤵
      PID:6200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
        5⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19471.exe
        6⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24584.exe
        6⤵
        
        PID:14196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        6⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        5⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        5⤵
        
        PID:12736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        5⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe
        5⤵
        
        PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
      4⤵
      PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12646.exe
        5⤵
        
        PID:12300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59644.exe
        5⤵
        
        PID:452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63847.exe
        5⤵
        
        PID:18000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
      4⤵
      PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51623.exe
      4⤵
      PID:14144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
      4⤵
      PID:16440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55950.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21671.exe
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        5⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11561.exe
        5⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        5⤵
        
        PID:14124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
        5⤵
        
        PID:16412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
      4⤵
      PID:7492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
      4⤵
      PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
      4⤵
      PID:14912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
      4⤵
      PID:18324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
      4⤵
      PID:8324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exe
    3⤵
    PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
      4⤵
      PID:7264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
      4⤵
      PID:10124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
      4⤵
      PID:13344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54051.exe
      4⤵
      PID:3924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13648.exe
    3⤵
    PID:6888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
    3⤵
    PID:10040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
    3⤵
    PID:13328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49578.exe
    3⤵
    PID:3304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
    3⤵
    PID:7336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52137.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52137.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        6⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39786.exe
        6⤵
        
        PID:10448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        6⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52794.exe
        6⤵
        
        PID:16624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
        5⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
        6⤵
        
        PID:14624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        6⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11228.exe
        5⤵
        
        PID:10680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        5⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
        5⤵
        
        PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
      4⤵
      PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        5⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7195.exe
        6⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44176.exe
        5⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
        5⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3767.exe
        5⤵
        
        PID:17584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27076.exe
      4⤵
      PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
      4⤵
      PID:584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
      4⤵
      PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
      4⤵
      PID:5116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44466.exe
    3⤵
    PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
      4⤵
      PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        5⤵
        
        PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63719.exe
        5⤵
        
        PID:10628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
        5⤵
        
        PID:17032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
      4⤵
      PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
      4⤵
      PID:12252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
      4⤵
      PID:15880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14308.exe
      4⤵
      PID:132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54903.exe
    3⤵
    PID:6620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
      4⤵
      PID:12012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
      4⤵
      PID:14976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
      4⤵
      PID:17588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25955.exe
      4⤵
      PID:18216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
    3⤵
    PID:940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
    3⤵
    PID:12164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36050.exe
    3⤵
    PID:14724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
    3⤵
    PID:5304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21671.exe
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        6⤵
        
        PID:11244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        6⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
        6⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        5⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        5⤵
        
        PID:12752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10827.exe
        5⤵
        
        PID:15100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
      4⤵
      PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        5⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
        5⤵
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        5⤵
        
        PID:17268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39577.exe
        5⤵
        
        PID:18092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
      4⤵
      PID:10872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54524.exe
      4⤵
      PID:14376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39402.exe
      4⤵
      PID:6132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-276.exe
      4⤵
      PID:1940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24171.exe
    3⤵
    PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1390.exe
      4⤵
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48033.exe
        5⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
        5⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        5⤵
        
        PID:8024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
      4⤵
      PID:8848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
      4⤵
      PID:12744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
      4⤵
      PID:15984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
      4⤵
      PID:16620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61949.exe
    3⤵
    PID:7352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63985.exe
      4⤵
      PID:12844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
      4⤵
      PID:14932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
    3⤵
    PID:3472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
    3⤵
    PID:13528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
    3⤵
    PID:15696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36614.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36614.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
    3⤵
    PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
      4⤵
      PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51074.exe
        5⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
        5⤵
        
        PID:14700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe
        5⤵
        
        PID:18348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42483.exe
        5⤵
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14788.exe
        5⤵
        
        PID:7676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
      4⤵
      PID:8140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23729.exe
      4⤵
      PID:13068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
      4⤵
      PID:15488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
      4⤵
      PID:8624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
    3⤵
    PID:7532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
      4⤵
      PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
      4⤵
      PID:15132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
      4⤵
      PID:11420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
      4⤵
      PID:17612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
      4⤵
      PID:1180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
    3⤵
    PID:10812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7993.exe
    3⤵
    PID:13908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8717.exe
    3⤵
    PID:6188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
  2⤵
  PID:5764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32885.exe
    3⤵
    PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
      4⤵
      PID:13764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
      4⤵
      PID:15432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
      4⤵
      PID:17492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
    3⤵
    PID:10388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
    3⤵
    PID:13800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46158.exe
    3⤵
    PID:17120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27157.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27157.exe
  2⤵
  PID:7704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45527.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45527.exe
  2⤵
  PID:10064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
  2⤵
  PID:14292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
  2⤵
  PID:16724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1252 -ip 1252
1⤵
PID:2456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3936 -ip 3936
1⤵
PID:2136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2852 -ip 2852
1⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4340 -ip 4340
1⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 6596 -ip 6596
1⤵
PID:13968

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:18272

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:17428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2004 -ip 2004
1⤵
PID:17664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10087.exe

Filesize
184KB

MD5
85ad02c29b674214441dca53de5bc845

SHA1
449ab8555bb5f40b61ebfdc62db785f3f66ad66c

SHA256
acbb12278a3cef95cdf6c47c1604afcc5c8f285761a383edb679819ab68cded7

SHA512
42e018331007366781343cb13ec94fd359395879e9097f0c648df808f1459d19d8310e41b52c8703337b477fd3892ebc6a80a59a65c059180135565a925b74fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10324.exe

Filesize
184KB

MD5
1b0403769ce09af85494396f5ea55ebc

SHA1
99bc70e1c265c58377a12520e35f5a6ebeb40b24

SHA256
57b7e414c89d8b2484d3b54519204e483f0578f1f31ea24f1b0d3046c062efc8

SHA512
08059d5df7110d92068bf110c0475ce35f5008be509ed33829d47769101e4113558b05153237db55d89a94b5b5836c963b90b70f2f8dfb5de8f3b1f48843c134

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe

Filesize
184KB

MD5
5759f710c227c35a3d5e5c0b827d6d07

SHA1
1a9ed3b0fa4eb0e288b527d2066fe8b80723e4ae

SHA256
88308ae0d743240826bdbe32c20dafe0c55cf5512df1acf53e5137d71efc8a33

SHA512
c8bcfdf0f5b6bee41a1021dbde7b1f66f618ffb86a57db53a4714788633d604b804f9dbad663dd7bca7aca0ff6c36a1ec7fe7c3f0ad7601c05882495e90a00ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11928.exe

Filesize
184KB

MD5
f938b41c8b6e39519c4b5dfa4ea828bc

SHA1
73e8350c53c2ad2fff3a27fe3061165189baefa8

SHA256
fa5013c2045d9c9d0579e1f7a7d74374f9eb3f5e102433816b7c4b53fef3ea88

SHA512
f488c11555d452e677d10bf82e63ec5d9cc5dcfdde1add7129fe002436b8626be7f0ee83b2f56c67aecdcd6c51387ede10138c78f9d5be240668f3627842cf65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe

Filesize
184KB

MD5
77d61c5ae3f26c5c888d6857faa2277f

SHA1
c0990c532b01e8187197f3a50b9abeaca0178654

SHA256
cdc250f62e99d1d5f121abdd6e278ce9d825a444fc883d86953d2745c335c2f7

SHA512
c1a8feb477b5ea72ad605f4b6cd8996b8df201ed9716743f3bf7af412b781567429cc38febb6f956fffb672f9bf4336be9b2bcb1e9589c0a007a819de1868644

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13272.exe

Filesize
184KB

MD5
2bcb11b8a31b75026c5504b3dcb647d7

SHA1
29fede6f52215080d8240be6b16dce77c12fdfd0

SHA256
a49e8bcf7593702078745c5b608f3293f03048041e4fa4633efed430625da8ce

SHA512
c6ae109bf1ed9d6e4e85f3845554b97668261a5014a2a3827395df8603555c86472fd3dedd5317a4f8a8fbc34b60de260703e4aa0e1b3c11c6d7278b89488cb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15318.exe

Filesize
184KB

MD5
e90ac34116b0ea507ca3af8e24e07bac

SHA1
e777c6f07d525413f267863b6c71fe17687de119

SHA256
b0913ac81803f3cb052fabbef3f7b6d020964abb36218f21e68f5cae95be7414

SHA512
08bf51b4d16d940a0ac2371ae9e00ed0ce6beec9c684e9b29109e9ca4709a0aa57d8dd1d8b3cbf695dc4d5e09ad4d7a64e5a96e57a454e7b62ad6e3688726a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1893.exe

Filesize
184KB

MD5
1cf4291007404770cb7c63143510eff0

SHA1
c27c1572cd53b873d5dae84d2e00c8c3eb76ffac

SHA256
043a1cb7d9eecd04a95e2c283268dc75475a51eeaee0b25e69740012102a47bc

SHA512
f1b2f66a4219bdd60f634561dde22a32298b337a24454f4114e327000f6ba63b55c68049bb222c3bb6b9db2c22931458fe504273e98f655085c683c4853f1778

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe

Filesize
184KB

MD5
60ca6e67753ada0d431af588841b0e75

SHA1
f5be6ba0b4ae2b316fa95fd6989012c0b2feebe6

SHA256
8f516265674ba8a160a6f4e39c3402c7c9f22daf978b2bf42cec700293f1e132

SHA512
2dabf77b9718bdcd807f45a2e184ec802efa01da6fd0a8f6ec45118a0994e04493f957875a7ca53b8111f082e2a50c25f09d41e592a99c63fa3bac28b21cb73f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe

Filesize
184KB

MD5
6e5982e6396365412ed7075fe1ea9aae

SHA1
93626a4f981ba7d718101942bce3beda5c11a53d

SHA256
75cfbbe470ffa2ed2bb33c7bf1dd4496fd976e4c2b56a38d35564e5cf1597fd2

SHA512
e276affdc5f28db33a9f59d1771b86febe70ca50e487a2d5c8ed6056e2aa4b8ea84a1ba3cc7154f19688ead35d0e2f8f1237dd67c017e1d6bb9c6a02a2b843c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe

Filesize
184KB

MD5
13c82991a854cf932b0dadfd7977dd21

SHA1
691fd347567faba8d0fcd3f0edb88fee024aafd9

SHA256
65e95c12739c5d8d31cfd755e7ce93c78e039cde972a17fb1c8f0afe7b279d3d

SHA512
3b33987cc4499cd1381893cf7b29e2595d4bd0e1c06cccec5ba67834b87de8d25c3e410a81730cf0c6a945aed3f4766216a4ee52ffeb600ebabf824c4c20f081

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe

Filesize
184KB

MD5
41ff89dbce0571ae5e6265eea2737118

SHA1
a7d8e3cbffffc34837cf02df343a5f32f3c289d8

SHA256
fd62ddc4adf66ca3fc56b035556e16987c036e29fe934f4cc9ebfbb8e00fdce0

SHA512
e9a5a324c0be47281b1f343aeaa735dcaa5793d378df503e4c36c0de5e3d7472993354220f1c4d0f7a855053d142282acbde5efcf5328f95b16c0beb3c88cf21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe

Filesize
184KB

MD5
ad7fa305859364fa52aff661fdfde6af

SHA1
37af41a7fce18867b993d560424a41cb3a4cc7c6

SHA256
2ae099bb0ef707a74dbf1bb72e032912428cf4a37e0f7e0ef4a1138dd3f30dba

SHA512
b8e01a4a3b62ae1941ec0596ca53754bc96f8563ecdc80cec9ddacd0c61fad4a726fbc92a8e1e913ad7bedafd206e4992b8c4b462391ae5f6056cf35d48929ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe

Filesize
184KB

MD5
c0a3ecf89523abf40c65c0baabd14aee

SHA1
37a657084383b9358c73d592bd90298bdca39f6a

SHA256
8081c9b3d6be143ea5262c575e085ef9bcc6bec4499d7a2206fa7575db975f5f

SHA512
c0b3071c1684beedc3733a799fa6b4ab92099e6c65e01a29caf69c02cac3cbaaf39158a27acd41828556905395c6fbe338f62ecf7a07074221b1278daa64d56a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28932.exe

Filesize
184KB

MD5
6d64998629bd4116d9d4ac66f0ce6511

SHA1
bb9d9a245885bb1f6b1d5c2e214f3dfa42a73720

SHA256
d072b1fbd1ced51ae868e882858257830f69becfd4aee04d1ff95abb4c7eac9d

SHA512
4ad732eb32d2f8249e56b08c6182c8898cce54006a277a1bfd6f5dcda1ec29fd60af9be84e91411ab2e63e68fbd9fae0cab77e3724d2259c6979e2eeed9369c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe

Filesize
184KB

MD5
5d5ca499450913ca66a71c36740426f4

SHA1
19e277521ebb6c695ba87291215908bcac805064

SHA256
d793d85b889b45afe74acf23ca208433d11cbcc768114c9f9c622e6575c447d1

SHA512
3a0795a2873da597059b619cb4dac13c3eec026452970d6b42d28f91e0cb0aa75c1976ddd6c49c649423d1153bb09d55cacd618fec9350347d98eac7c299434f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe

Filesize
184KB

MD5
8f2a6b61fd5e96e51931b923c3c28d1c

SHA1
e56e6ee57c37c5549dac2b517a4b05c22c6bbae8

SHA256
272d12d650046cc0c0b7d91ded57a2d21d308cca292d8428920d0bc6fd9319cb

SHA512
d51b33f68da318715d0ce5beed74bc05b727b2b388eb2100e4820fa9698b263d418f7352e9ba3ab2e476c6c384b66753c055ac22b4824b932e31ae7ddf9555fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32536.exe

Filesize
184KB

MD5
2c8403eae55fde0dd9d70992a53229ee

SHA1
eb88cee869d564fa66c767dae8a9facc628741ac

SHA256
69ffe786b16d555b496dbe9cd13e5c3b92e2f05d7152082c73f16c6cecf7bec3

SHA512
59af94233bc009b3151955c394018454ca82af4e985576b55d4f962f78fc73c8035250926b1d52e00d695d109ef4bb74ac56bc8dc89132a17c0c9c44cd02b0c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe

Filesize
184KB

MD5
0f193fb23899398af76c860a289662f2

SHA1
58dfb5e0ddba591decece626f9a55062a5768f2a

SHA256
1ccbaa149b25e82af3b304fa2fe90305b75424da0d1dd0fd8740541393bd5be3

SHA512
646e7e7c6b4de907e6f19e231eaa3a885fd7513e45a8039d51f3bef202955bc63ff416c36fc56ea399cebbb6ff54aedae6d8e02a2759a458de655a3a759116c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe

Filesize
184KB

MD5
9911ce65c36db2d01c895f0048ef874d

SHA1
dae5915e2908c184efa8ca3c73829f4dbb3bff67

SHA256
a0f5803e7d3c48e95249e134099f70635c5e9c3a2d30c406bd7699612549cfd1

SHA512
e133e858dd268c2ea2e8a8225104e91a4aa929a93b9a2144c61b24e57ceabd20902294a4568e09d6e8c5cbb9748e42f656f3736ca981200d7792b1ce2e08d5fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe

Filesize
184KB

MD5
f757be081141ea815a54df27e2077a22

SHA1
9059d422a2bc151c3c1b564161447b8165400131

SHA256
f96ce51dba5d4ede3d37a57757f27c9cb42a0dbf9bd58f3819b2a1e9a13a88b8

SHA512
a4d8b9f066d332a0775e083b441d299f6f4c64e0ef12409467a6886f4dd95253361ead686757b660e149e59904c7cf734011e9ac9fab653602c64816ce70fc26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42179.exe

Filesize
184KB

MD5
adb13a2ac437c5c31abcf75771d88cf8

SHA1
f77c12d00a27f3501782b8f7b2ff1e5bbdc3b9be

SHA256
1c1c728f585c28cd9b4b4b66d25982532994191dd0fdabfdfac46196f2fb1323

SHA512
685878ca3b6fb42292713c0982455b0361eb85ee1fa513b4950390ab2ab5e4fadff67ced94fb43f71911135cac28cf036a76e8b2bc76cc96d9f0d4dd90b58fef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe

Filesize
184KB

MD5
35f822f7d457399d829d06a9fec6a684

SHA1
39afc9762cc786c84ae225aa6c4ed382ae201d6e

SHA256
a51cf72735b2eed7b93b18c7b7ef08e184c8457b0723b37983b0180cc676c5f7

SHA512
6fd2e8c0bf703fb3681994cceba913aafdc40488708c870a3819e8b665b1bd9e9af6a9c702bb8adddcc6de73b92e77c56a40f63d9d52b464c6e940b05e476815

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe

Filesize
184KB

MD5
b0156fe1309b55a59b09c7122ed6ae74

SHA1
bd695a5445f1514c9f5b77bee2f5df2db726e4da

SHA256
05d6dc9fde3aacfa2e255ce956c6d7628b716fecb159db8b9a736790d6e8ca66

SHA512
8b84545d5b6a0c46aa379e775da859f2562f4dd40d9b80a829c8324b6f77dd858fafb2f08f69516b5d3ece3eea931f0cc782a8d206c97fbe35f88fa9f439822f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe

Filesize
184KB

MD5
46c9539a0f67cac89c609cc271d441cf

SHA1
420d34f255a19cdbc490a97188bf94968ce04264

SHA256
024cce0bdbc462798cdeb471372362e54de4370f910f75f96ad4b4db568efe54

SHA512
0742a4bc8ce334924ce30ff37cc6f1c0d7c909a5669719064288c7b612b67a5beccb9612e2302abe2b650a5b456ed555434c1d705e03f1fcf58a3d49f9cb1052

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe

Filesize
184KB

MD5
437687bc723e8e67e2745c987e3fb124

SHA1
83be1fbaab427e436f5e9b66dd558f927232fb0a

SHA256
69cb56076b191e6b61d646842515665d941438f00202d69bb348f2bc465cd441

SHA512
4e8fb0ba8c030ef375da41b745fb905c2e87813225c421eaeae0b80400506723c581f47761a9929f920b08d81f39e090575c6555c2957656c8da84800aacf756

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47908.exe

Filesize
184KB

MD5
16eef634774001a730886c737d181a51

SHA1
a1ead384aae053d1f53173085c64bfafd442c5a3

SHA256
7dd5f91c57b9ee23c0727de87a403ac9b7061223078cad9e9cd3c6f5c7e4e159

SHA512
7ae96a3a8453cca28fed238504c50020cf515fbb56243b34b3417eac69977aaaa49d46b055c8e8f46e2c978cd28bd7cb7493ba3a1cb17df5b0745c95c66e5ac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48977.exe

Filesize
184KB

MD5
224a6c8ec176c7c4962b96a2ae338404

SHA1
0183f59b2bcfb9cac350f82f2320b3537f363ef4

SHA256
ce8c9652b18d719ff3a108d1162cdb234a1768d182895b9b7d18919641e77b8e

SHA512
69b116439df176d5c5bf2b569c75242cd9cd1b55b6cba2819b1bdb28a7c44b5eb5100ab713765ccff18bafc9a41c35fb57e9d3da8da0facbbf717acaac2c8580

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5021.exe

Filesize
184KB

MD5
5230e27b315ca5c5c1fbfd782f46c333

SHA1
d00ed04073a09dcb5c52afe4b8b09b0f32a68727

SHA256
49ca15f11d47ec5f96614fd73084a0a886d05d52906b05afe9943ab72e8c17c9

SHA512
0c3e5a30047c21f03cd42ec4066eb73853000d9329a7e6bd161c566baa7b445bdca745817ac8bc343dc97b6e2c0dabb622d3639a1c3ce4fb9c7123be45d99021

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52137.exe

Filesize
184KB

MD5
45e95113a56ae97077c0466c7d0dbcf6

SHA1
5323b353cca684aed289a468bf4a5f6ff7dce72d

SHA256
e890e884a9350b26cfbde1c12fd8f9261ab8bd3ad74be86e0006837d3d41ec61

SHA512
c6cb41fde0b2706cfe99e043ba9b525e714d47cebbaafa43f760a99057c0c44e41caf7a18cd39c12c57b46ba9c2bc4a77b1c6fcc20c4303ed533d2ed3007fe92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe

Filesize
184KB

MD5
4f31571d9240ae627a1a3f4f1d504472

SHA1
38b248aad3ba441b7fe1111968588fab9ae91d8a

SHA256
db90d8a8f040f7b35264e9a96ce5e08a0c37b56a3225d12dcac8aee2b637789e

SHA512
804e7794477a176e6faab688815daddb44da98767e23c42945ec32975b255c3102d345e5388fff13d5c125c13ffdd74ac1f36bcd29df9a78ec3b71547ef48e6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52604.exe

Filesize
184KB

MD5
ca338e99cca79fc5c90b88e79bd4d2a2

SHA1
8f0f00f6db77c8d09db98ab6a68e37f335e4ed91

SHA256
eaaa274ad8cd4811e1c8b52b9b50c77826831083b3ebf78de2ef89bc2593243f

SHA512
87b787b592199207d5660a20944a0d2b444b276bf3e1950ca9ee74e517914381a360699a03252588db7d96159173e838c068ba5d09f02cf1e7eff754dea4aee7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe

Filesize
184KB

MD5
6003b6428ad193bac224fb7e8f6490a1

SHA1
b4f470f6798d62bc515901a0dd4978ef044e6663

SHA256
b9d3e8f02a44f627c764de53bf776ac96b0d80bed9a98b0346b41d9047fcd2ad

SHA512
09df1c4711b88e6ded576a8d6d29201bc132c8c4d6573e1c889f1add2d335150f06c31566a3cddf27f3ec3d0e0dab9e8f5784f227d54e2cd8bfc0bf9d4003a87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe

Filesize
184KB

MD5
5e117021945c6b73e2fce87bd64d1d16

SHA1
4a7a3dc7d05f04e4780a444108754b4bd569231e

SHA256
e1a9de89e0c2eb842dd6d218999c5007699f769cbcbcc1269bc39b7de4858151

SHA512
a83d0d212f6a3cb69db9003bcaf1ca90d73491730b91ddd5797dbd788821c6ef3a25ddcdd4c8e2fc1c5304de40ecbbd2a4ddca0101ad14f18057bf053677899c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe

Filesize
184KB

MD5
5de27b6abeaa3f7a6d6c3f4bf262a9f3

SHA1
1003fea8455b02fd908520a51fac33e93c4e4d78

SHA256
ea7db5acbf4dcf23bb7f10777d513285cfd2ba59cbeca9e2beaf366918d1a919

SHA512
476b9a83ca9c598e1272d4dcdcdb7bbe08b80d80c5bb9a6818a2393e1772f46a1b6017dfd4deabf846556d7db93981b126f1674789348aa0732e995708922593

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe

Filesize
184KB

MD5
13c2a9d425557a8fa1f5ecc9c04f1887

SHA1
8540d6359b53baae19a398cbb7f2abee5711db11

SHA256
524d5f9dce3bbe362bde8e72e03dcb112000ec93ea01486a63b071d8c4100d71

SHA512
853e1ed1c1af2fb17a727a555e66466137cfdc27d525a25f045a281ba91456892587fce716980ffa8e5c40eb8cc6d99c38ccd9561355acacff4f20e74aa9f66b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe

Filesize
184KB

MD5
248382079ae6837e5cc2bcdede7d558c

SHA1
7d2b9a2595e9775b0941f4b0d56a2648767b3419

SHA256
cf89d49b51b4b8c4da0db110c456895490b46801dcd7b8a51527f6af2dfb234f

SHA512
f7cce9c3cb55e204587a617ad5499acdd8ab199e8a1d72069406cd1b76fec37e8d49a435b8f968ecba763e2a560553986ba380ee7fddc0a05e48b1ce64180949

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe

Filesize
184KB

MD5
24637388b9e822d742a8060436b4bbc2

SHA1
70a414e061944dad0d9a17ff50166f48fdc8d3ce

SHA256
8ffe538e4739d27785caae9d7c571c2111c77e73743bef1f6d933029c0a93f5f

SHA512
89e9ab99047e763459bb69ef481b5fd690759224ff6b6877a5bb470f30cfbef99c6abe967fd19170701c506515dff1a3238118c4769f18995370cf8e5c53c3a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe

Filesize
184KB

MD5
e836cfa775be08de6f820baaee2257b4

SHA1
637085ed5cc29fc02aa5e3bf3153dff765f14109

SHA256
8d5589fe8a92d8201863205edadd46d0dbfaa88574171b338314a44333e7bbf1

SHA512
056031433cf7daf01822fa49d9f44a1b27fa9a730a92575a36104385e2191f8d7926ed2d6802319ccfc4d26de1df8c1af37a281f0aed871ce321a2e91b530aa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9423.exe

Filesize
184KB

MD5
5f1a69ac1c895ee2fc48c70577439a3b

SHA1
b503709d308e657b8a78e63a9d71c89aa7bd2039

SHA256
24979754ff8c204c075ee311c40bfc0bd29bf76def45074e779edb7e2be47ac2

SHA512
a7dd4b1d9b909e95f19f708bd7fdfa80b3e28973c89c9a405fcf8b3b3981ae2cf4dd84e362477cd6cefee92fa0316e5ab5c2f9b715da7d83d46bf7cf2e0356a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9890.exe

Filesize
184KB

MD5
3a704d85900ca09ec647363cc3368eff

SHA1
b5cdb8fea5e2df74d37465caf245912bdc7057cb

SHA256
2f00dd3ea5cb9639d976f291c19b96d4602f5e18021d0877e27989b070a2bf71

SHA512
c99dfd4304cdaf5940f35b760699d27153046433f10c0ac82ad3bbbbdad6965f2b1df5e402b7ea3e960c6152ea8d27c8b1ed78e9e211e3f0ff9a68faba28b1d4

Download Submit
memory/1912-2890-0x0000000074BF0000-0x0000000074CA9000-memory.dmp

Filesize
740KB

Download
memory/8044-3623-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/18272-2868-0x00007FFBFB600000-0x00007FFBFB741000-memory.dmp

Filesize
1.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads