d17c717e927c5083a6f3ca25458953afd4b8110e6efbc5cfaa00f6a564bd3459

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2024 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0868b0adb2fafecd9f6578d102c0910_NeikiAnalytics.exe
Size

184KB
MD5

a0868b0adb2fafecd9f6578d102c0910
SHA1

7b88cc91c9395cce15161349ce3e4bf8a6d9abce
SHA256

d17c717e927c5083a6f3ca25458953afd4b8110e6efbc5cfaa00f6a564bd3459
SHA512

1cd70bcd23980991a124ce06af3107cbed4ed0589dfb7d03a939e5e09b69b57114e9961358d79bb4906c335305f8f2373257ddcd652e239f87faecca440eab0d
SSDEEP

3072:qUoRtpoTd9qZkd6jTCpJcbANflvnqXviuh:qUiowg6jKcMNflPqXviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3428	Unicorn-20981.exe
4948	Unicorn-24222.exe
3548	Unicorn-57449.exe
4060	Unicorn-42670.exe
4456	Unicorn-63837.exe
4488	Unicorn-26334.exe
2144	Unicorn-9295.exe
4884	Unicorn-54450.exe
3748	Unicorn-18056.exe
3052	Unicorn-17502.exe
3168	Unicorn-64464.exe
3752	Unicorn-50729.exe
3772	Unicorn-708.exe
3164	Unicorn-65477.exe
4304	Unicorn-56562.exe
532	Unicorn-7916.exe
2560	Unicorn-52286.exe
4496	Unicorn-33711.exe
2072	Unicorn-45462.exe
4724	Unicorn-13152.exe
2684	Unicorn-16682.exe
2004	Unicorn-20766.exe
2628	Unicorn-60844.exe
2840	Unicorn-4237.exe
3412	Unicorn-39140.exe
3928	Unicorn-57257.exe
3636	Unicorn-15979.exe
3292	Unicorn-13749.exe
5112	Unicorn-3343.exe
4700	Unicorn-42146.exe
1108	Unicorn-38062.exe
3796	Unicorn-44201.exe
3276	Unicorn-57936.exe
4312	Unicorn-43070.exe
3780	Unicorn-26542.exe
4028	Unicorn-26277.exe
4892	Unicorn-32716.exe
1320	Unicorn-19718.exe
3532	Unicorn-62788.exe
3696	Unicorn-61305.exe
4904	Unicorn-56474.exe
4292	Unicorn-60558.exe
4524	Unicorn-40692.exe
3980	Unicorn-40138.exe
1100	Unicorn-10595.exe
4044	Unicorn-65197.exe
552	Unicorn-6312.exe
3200	Unicorn-7273.exe
1080	Unicorn-11357.exe
2132	Unicorn-51933.exe
3660	Unicorn-44585.exe
3708	Unicorn-32089.exe
3932	Unicorn-20102.exe
4612	Unicorn-7657.exe
4932	Unicorn-26084.exe
4516	Unicorn-29422.exe
732	Unicorn-57745.exe
3888	Unicorn-57818.exe
880	Unicorn-449.exe
2960	Unicorn-21616.exe
2328	Unicorn-17532.exe
4172	Unicorn-45566.exe
1416	Unicorn-14739.exe
3520	Unicorn-20870.exe

Program crash 12 IoCs

pid	pid_target	Process	procid_target
5044	2628	WerFault.exe	119
5992	880	WerFault.exe	158
8332	5324	WerFault.exe	212
8324	5172	WerFault.exe	227
8548	5136	WerFault.exe	226
9624	5136	WerFault.exe	226
9288	5172	WerFault.exe	227
10108	6152	WerFault.exe	278
13644	12260	WerFault.exe	587
15132	12260	WerFault.exe	587
15016	7084	WerFault.exe	272
16900	7084	WerFault.exe	272

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found

Modifies data under HKEY_USERS 62 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 50,1329 10,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5876	svchost.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	7268	Process not Found
Token: SeChangeNotifyPrivilege	7268	Process not Found
Token: 33	7268	Process not Found
Token: SeIncBasePriorityPrivilege	7268	Process not Found
Token: SeCreateGlobalPrivilege	11604	Process not Found
Token: SeChangeNotifyPrivilege	11604	Process not Found
Token: 33	11604	Process not Found
Token: SeIncBasePriorityPrivilege	11604	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4540	a0868b0adb2fafecd9f6578d102c0910_NeikiAnalytics.exe
3428	Unicorn-20981.exe
4948	Unicorn-24222.exe
3548	Unicorn-57449.exe
4060	Unicorn-42670.exe
4456	Unicorn-63837.exe
4488	Unicorn-26334.exe
2144	Unicorn-9295.exe
4884	Unicorn-54450.exe
3748	Unicorn-18056.exe
3052	Unicorn-17502.exe
3752	Unicorn-50729.exe
3168	Unicorn-64464.exe
3772	Unicorn-708.exe
3164	Unicorn-65477.exe
4304	Unicorn-56562.exe
532	Unicorn-7916.exe
4496	Unicorn-33711.exe
2560	Unicorn-52286.exe
2072	Unicorn-45462.exe
4724	Unicorn-13152.exe
2684	Unicorn-16682.exe
2004	Unicorn-20766.exe
3928	Unicorn-57257.exe
2628	Unicorn-60844.exe
3412	Unicorn-39140.exe
2840	Unicorn-4237.exe
3636	Unicorn-15979.exe
3292	Unicorn-13749.exe
5112	Unicorn-3343.exe
4700	Unicorn-42146.exe
1108	Unicorn-38062.exe
3796	Unicorn-44201.exe
3276	Unicorn-57936.exe
4312	Unicorn-43070.exe
3780	Unicorn-26542.exe
4028	Unicorn-26277.exe
4892	Unicorn-32716.exe
1320	Unicorn-19718.exe
3696	Unicorn-61305.exe
3532	Unicorn-62788.exe
4904	Unicorn-56474.exe
4292	Unicorn-60558.exe
1100	Unicorn-10595.exe
4524	Unicorn-40692.exe
3980	Unicorn-40138.exe
1080	Unicorn-11357.exe
3200	Unicorn-7273.exe
552	Unicorn-6312.exe
2132	Unicorn-51933.exe
4044	Unicorn-65197.exe
3660	Unicorn-44585.exe
3708	Unicorn-32089.exe
3932	Unicorn-20102.exe
4612	Unicorn-7657.exe
4932	Unicorn-26084.exe
732	Unicorn-57745.exe
4516	Unicorn-29422.exe
3888	Unicorn-57818.exe
4172	Unicorn-45566.exe
2328	Unicorn-17532.exe
3240	Unicorn-8352.exe
2960	Unicorn-21616.exe
880	Unicorn-449.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 3428	4540	a0868b0adb2fafecd9f6578d102c0910_NeikiAnalytics.exe	94
PID 4540 wrote to memory of 3428	4540	a0868b0adb2fafecd9f6578d102c0910_NeikiAnalytics.exe	94
PID 4540 wrote to memory of 3428	4540	a0868b0adb2fafecd9f6578d102c0910_NeikiAnalytics.exe	94
PID 3428 wrote to memory of 4948	3428	Unicorn-20981.exe	96
PID 3428 wrote to memory of 4948	3428	Unicorn-20981.exe	96
PID 3428 wrote to memory of 4948	3428	Unicorn-20981.exe	96
PID 4540 wrote to memory of 3548	4540	a0868b0adb2fafecd9f6578d102c0910_NeikiAnalytics.exe	97
PID 4540 wrote to memory of 3548	4540	a0868b0adb2fafecd9f6578d102c0910_NeikiAnalytics.exe	97
PID 4540 wrote to memory of 3548	4540	a0868b0adb2fafecd9f6578d102c0910_NeikiAnalytics.exe	97
PID 4948 wrote to memory of 4060	4948	Unicorn-24222.exe	100
PID 4948 wrote to memory of 4060	4948	Unicorn-24222.exe	100
PID 4948 wrote to memory of 4060	4948	Unicorn-24222.exe	100
PID 3428 wrote to memory of 4456	3428	Unicorn-20981.exe	101
PID 3428 wrote to memory of 4456	3428	Unicorn-20981.exe	101
PID 3428 wrote to memory of 4456	3428	Unicorn-20981.exe	101
PID 3548 wrote to memory of 4488	3548	Unicorn-57449.exe	102
PID 3548 wrote to memory of 4488	3548	Unicorn-57449.exe	102
PID 3548 wrote to memory of 4488	3548	Unicorn-57449.exe	102
PID 4540 wrote to memory of 2144	4540	a0868b0adb2fafecd9f6578d102c0910_NeikiAnalytics.exe	103
PID 4540 wrote to memory of 2144	4540	a0868b0adb2fafecd9f6578d102c0910_NeikiAnalytics.exe	103
PID 4540 wrote to memory of 2144	4540	a0868b0adb2fafecd9f6578d102c0910_NeikiAnalytics.exe	103
PID 4060 wrote to memory of 4884	4060	Unicorn-42670.exe	104
PID 4060 wrote to memory of 4884	4060	Unicorn-42670.exe	104
PID 4060 wrote to memory of 4884	4060	Unicorn-42670.exe	104
PID 4948 wrote to memory of 3748	4948	Unicorn-24222.exe	105
PID 4948 wrote to memory of 3748	4948	Unicorn-24222.exe	105
PID 4948 wrote to memory of 3748	4948	Unicorn-24222.exe	105
PID 4488 wrote to memory of 3052	4488	Unicorn-26334.exe	106
PID 4488 wrote to memory of 3052	4488	Unicorn-26334.exe	106
PID 4488 wrote to memory of 3052	4488	Unicorn-26334.exe	106
PID 3428 wrote to memory of 3168	3428	Unicorn-20981.exe	107
PID 3428 wrote to memory of 3168	3428	Unicorn-20981.exe	107
PID 3428 wrote to memory of 3168	3428	Unicorn-20981.exe	107
PID 3548 wrote to memory of 3752	3548	Unicorn-57449.exe	108
PID 3548 wrote to memory of 3752	3548	Unicorn-57449.exe	108
PID 3548 wrote to memory of 3752	3548	Unicorn-57449.exe	108
PID 4540 wrote to memory of 3772	4540	a0868b0adb2fafecd9f6578d102c0910_NeikiAnalytics.exe	109
PID 4540 wrote to memory of 3772	4540	a0868b0adb2fafecd9f6578d102c0910_NeikiAnalytics.exe	109
PID 4540 wrote to memory of 3772	4540	a0868b0adb2fafecd9f6578d102c0910_NeikiAnalytics.exe	109
PID 4456 wrote to memory of 3164	4456	Unicorn-63837.exe	110
PID 4456 wrote to memory of 3164	4456	Unicorn-63837.exe	110
PID 4456 wrote to memory of 3164	4456	Unicorn-63837.exe	110
PID 4884 wrote to memory of 4304	4884	Unicorn-54450.exe	111
PID 4884 wrote to memory of 4304	4884	Unicorn-54450.exe	111
PID 4884 wrote to memory of 4304	4884	Unicorn-54450.exe	111
PID 4060 wrote to memory of 532	4060	Unicorn-42670.exe	112
PID 4060 wrote to memory of 532	4060	Unicorn-42670.exe	112
PID 4060 wrote to memory of 532	4060	Unicorn-42670.exe	112
PID 3748 wrote to memory of 2560	3748	Unicorn-18056.exe	113
PID 3748 wrote to memory of 2560	3748	Unicorn-18056.exe	113
PID 3748 wrote to memory of 2560	3748	Unicorn-18056.exe	113
PID 4948 wrote to memory of 4496	4948	Unicorn-24222.exe	114
PID 4948 wrote to memory of 4496	4948	Unicorn-24222.exe	114
PID 4948 wrote to memory of 4496	4948	Unicorn-24222.exe	114
PID 3052 wrote to memory of 2072	3052	Unicorn-17502.exe	115
PID 3052 wrote to memory of 2072	3052	Unicorn-17502.exe	115
PID 3052 wrote to memory of 2072	3052	Unicorn-17502.exe	115
PID 4488 wrote to memory of 4724	4488	Unicorn-26334.exe	116
PID 4488 wrote to memory of 4724	4488	Unicorn-26334.exe	116
PID 4488 wrote to memory of 4724	4488	Unicorn-26334.exe	116
PID 3772 wrote to memory of 2684	3772	Unicorn-708.exe	117
PID 3772 wrote to memory of 2684	3772	Unicorn-708.exe	117
PID 3772 wrote to memory of 2684	3772	Unicorn-708.exe	117
PID 3752 wrote to memory of 2004	3752	Unicorn-50729.exe	118

C:\Users\Admin\AppData\Local\Temp\a0868b0adb2fafecd9f6578d102c0910_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a0868b0adb2fafecd9f6578d102c0910_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42670.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54450.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42146.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-449.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 636
        9⤵
        Program crash
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4616.exe
        8⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        9⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
        9⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
        9⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43997.exe
        9⤵
        
        PID:16576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21335.exe
        8⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        8⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
        8⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
        8⤵
        
        PID:17452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17532.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        8⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 632
        9⤵
        Program crash
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        8⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46558.exe
        9⤵
        
        PID:13360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        9⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23155.exe
        9⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48699.exe
        9⤵
        
        PID:17596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4963.exe
        8⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5208.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
        8⤵
        
        PID:16468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
        8⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        8⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46764.exe
        8⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        8⤵
        
        PID:14716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
        8⤵
        
        PID:17520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        8⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
        7⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
        7⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
        7⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        7⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        8⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        9⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
        10⤵
        
        PID:12740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        10⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35880.exe
        10⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        9⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        9⤵
        
        PID:13628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        9⤵
        
        PID:16936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
        8⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        8⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
        8⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
        8⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        8⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
        7⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 720
        8⤵
        Program crash
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 740
        8⤵
        Program crash
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59436.exe
        7⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        8⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63021.exe
        8⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19351.exe
        8⤵
        
        PID:18052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3085.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
        7⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        7⤵
        
        PID:13160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
        7⤵
        
        PID:17316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
        7⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
        6⤵
        Executes dropped EXE
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        8⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46764.exe
        8⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        8⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37827.exe
        8⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        7⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30619.exe
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
        7⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        7⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
        6⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
        7⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39660.exe
        7⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8252.exe
        7⤵
        
        PID:16032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17032.exe
        7⤵
        
        PID:17816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
        6⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2104.exe
        6⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
        6⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
        6⤵
        
        PID:18152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7304.exe
        8⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
        9⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
        9⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
        9⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39249.exe
        9⤵
        
        PID:17984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        8⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16012.exe
        8⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        8⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        8⤵
        
        PID:17868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
        7⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 632
        8⤵
        Program crash
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 632
        8⤵
        Program crash
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34687.exe
        7⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
        7⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
        7⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21616.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7304.exe
        7⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        8⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12852.exe
        8⤵
        
        PID:14180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
        8⤵
        
        PID:16724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        7⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25759.exe
        7⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
        7⤵
        
        PID:16488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35369.exe
        7⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47900.exe
        6⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11648.exe
        7⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
        7⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19876.exe
        7⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        7⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        6⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        6⤵
        
        PID:10380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21676.exe
        6⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
        6⤵
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57936.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        6⤵
        Executes dropped EXE
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41394.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        8⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49749.exe
        8⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        8⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50577.exe
        8⤵
        
        PID:17576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49977.exe
        7⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        7⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        7⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        7⤵
        
        PID:17032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
        7⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        7⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15244.exe
        7⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        7⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20436.exe
        7⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        6⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
        6⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        6⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28884.exe
        6⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8352.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4445.exe
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        7⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15244.exe
        7⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        7⤵
        
        PID:16076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60693.exe
        6⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        6⤵
        
        PID:10972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
        6⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
        6⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52692.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        6⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
        7⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
        7⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        7⤵
        
        PID:18268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
        6⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
        6⤵
        
        PID:13140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13104.exe
        6⤵
        
        PID:16636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        6⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23498.exe
        6⤵
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30972.exe
        5⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48758.exe
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6804.exe
        6⤵
        
        PID:15936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
        6⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35949.exe
        6⤵
        
        PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40887.exe
        5⤵
        
        PID:14376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
        5⤵
        
        PID:16860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
        7⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        8⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        8⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        8⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        8⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        8⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36276.exe
        7⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50766.exe
        8⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8716.exe
        8⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
        8⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        8⤵
        
        PID:18000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42856.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
        7⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16395.exe
        7⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
        7⤵
        
        PID:17432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
        6⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        7⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        8⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        8⤵
        
        PID:14008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        8⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        7⤵
        
        PID:13072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        7⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        7⤵
        
        PID:18032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51010.exe
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51705.exe
        7⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54096.exe
        6⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62634.exe
        7⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-356.exe
        7⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        7⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
        7⤵
        
        PID:17736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23641.exe
        6⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41342.exe
        6⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
        6⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
        8⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
        9⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        9⤵
        
        PID:15332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        9⤵
        
        PID:18208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
        9⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3085.exe
        9⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56765.exe
        8⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        8⤵
        
        PID:14364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        8⤵
        
        PID:18316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        7⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4963.exe
        7⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        7⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14624.exe
        7⤵
        
        PID:18284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34932.exe
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        7⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7320.exe
        7⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49477.exe
        7⤵
        
        PID:16124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25584.exe
        7⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
        6⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
        6⤵
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        6⤵
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7800.exe
        6⤵
        
        PID:18316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        6⤵
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        5⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58114.exe
        6⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
        7⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16884.exe
        7⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        7⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8392.exe
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37293.exe
        7⤵
        
        PID:18200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
        6⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60360.exe
        6⤵
        
        PID:11984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
        6⤵
        
        PID:13608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47304.exe
        6⤵
        
        PID:17472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
        6⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        6⤵
        
        PID:10752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        6⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
        6⤵
        
        PID:17512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
        6⤵
        
        PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        5⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51165.exe
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        5⤵
        
        PID:13732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
        5⤵
        
        PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43070.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42442.exe
        6⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52842.exe
        8⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
        8⤵
        
        PID:15960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
        8⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        8⤵
        
        PID:18080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        7⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        7⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        7⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53750.exe
        7⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
        7⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe
        7⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32835.exe
        7⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52985.exe
        7⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27407.exe
        7⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        7⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
        6⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30035.exe
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
        6⤵
        
        PID:16496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        6⤵
        
        PID:18296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55057.exe
        5⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        6⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        6⤵
        
        PID:13024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        6⤵
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8979.exe
        5⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34866.exe
        6⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15244.exe
        6⤵
        
        PID:12204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        6⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
        6⤵
        
        PID:17960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10672.exe
        5⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        5⤵
        
        PID:10812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
        5⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41482.exe
        5⤵
        
        PID:16924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
        5⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        6⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        7⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        7⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        7⤵
        
        PID:18200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        7⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65493.exe
        6⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21439.exe
        6⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21168.exe
        6⤵
        
        PID:15152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36971.exe
        6⤵
        
        PID:18040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        6⤵
        
        PID:16980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32192.exe
        5⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        6⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24144.exe
        6⤵
        
        PID:13996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        6⤵
        
        PID:17256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10712.exe
        6⤵
        
        PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16012.exe
        5⤵
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8419.exe
        5⤵
        
        PID:14576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        5⤵
        
        PID:16436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
      4⤵
      PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
        6⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62053.exe
        6⤵
        
        PID:14240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38132.exe
        6⤵
        
        PID:16564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        5⤵
        
        PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        5⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        5⤵
        
        PID:700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35369.exe
        5⤵
        
        PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
      4⤵
      PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        5⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        5⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
        5⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        5⤵
        
        PID:17912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12345.exe
      4⤵
      PID:8532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62792.exe
      4⤵
      PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47620.exe
      4⤵
      PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
      4⤵
      PID:3432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63837.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65477.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7657.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        8⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16086.exe
        9⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        9⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26943.exe
        9⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        8⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        8⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        8⤵
        
        PID:16888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32296.exe
        7⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        7⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
        7⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40952.exe
        7⤵
        
        PID:17240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        7⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45493.exe
        6⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
        7⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        8⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
        8⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
        8⤵
        
        PID:16448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15244.exe
        7⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        7⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
        7⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        7⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        6⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8709.exe
        7⤵
        
        PID:15500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
        6⤵
        
        PID:16684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17953.exe
        6⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39770.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
        7⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        7⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        7⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21859.exe
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
        6⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        6⤵
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7800.exe
        6⤵
        
        PID:18168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
        6⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        7⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
        7⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        7⤵
        
        PID:18188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        7⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        7⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        6⤵
        
        PID:10356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        6⤵
        
        PID:13600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        6⤵
        
        PID:16952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        5⤵
        
        PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3507.exe
        5⤵
        
        PID:11208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
        5⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        5⤵
        
        PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        5⤵
        
        PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13153.exe
        8⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
        8⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12260 -s 464
        9⤵
        Program crash
        
        PID:13644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12260 -s 484
        9⤵
        Program crash
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
        8⤵
        
        PID:15852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23498.exe
        8⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        7⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        7⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49477.exe
        7⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe
        6⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6579.exe
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
        6⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
        6⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        6⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        6⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        6⤵
        
        PID:13620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        6⤵
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25419.exe
        5⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
        5⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
        5⤵
        
        PID:13948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
        5⤵
        
        PID:17052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57745.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        6⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13781.exe
        7⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        7⤵
        
        PID:15344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        7⤵
        
        PID:18252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32348.exe
        6⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        6⤵
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        6⤵
        
        PID:17120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33183.exe
        6⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28926.exe
        6⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        5⤵
        
        PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64916.exe
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        5⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
        5⤵
        
        PID:16748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        6⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        6⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3568.exe
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        5⤵
        
        PID:16092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29820.exe
      4⤵
      PID:7664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
      4⤵
      PID:10224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
      4⤵
      PID:14268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
      4⤵
      PID:15232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64464.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30382.exe
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16070.exe
        7⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 492
        8⤵
        Program crash
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39661.exe
        7⤵
        
        PID:13976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
        7⤵
        
        PID:16584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51757.exe
        6⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6579.exe
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        6⤵
        
        PID:14360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        6⤵
        
        PID:18336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15752.exe
        5⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        6⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13257.exe
        7⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12144.exe
        7⤵
        
        PID:16912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        6⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        6⤵
        
        PID:13100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        6⤵
        
        PID:15876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        6⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
        5⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
        5⤵
        
        PID:10900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        5⤵
        
        PID:17404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        5⤵
        
        PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44585.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        5⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51757.exe
        6⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6579.exe
        6⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        6⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
        6⤵
        
        PID:18300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11415.exe
        6⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13698.exe
        6⤵
        
        PID:17108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        5⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
        6⤵
        
        PID:14456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        6⤵
        
        PID:18116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
        5⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25376.exe
        5⤵
        
        PID:17584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50278.exe
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        6⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        6⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53220.exe
        6⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
        6⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20672.exe
        5⤵
        
        PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39660.exe
        5⤵
        
        PID:12836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8252.exe
        5⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4780.exe
        5⤵
        
        PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13988.exe
      4⤵
      PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
      4⤵
      PID:8656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
      4⤵
      PID:14280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
      4⤵
      PID:4452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40138.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40086.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        7⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
        7⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        7⤵
        
        PID:18260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16831.exe
        6⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        6⤵
        
        PID:13612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        6⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
        5⤵
        
        PID:7884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        5⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
        5⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        5⤵
        
        PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40256.exe
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41726.exe
        5⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        6⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        6⤵
        
        PID:10808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        6⤵
        
        PID:14348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        6⤵
        
        PID:18280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3568.exe
        5⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        5⤵
        
        PID:12000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        5⤵
        
        PID:15992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52452.exe
        5⤵
        
        PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
      4⤵
      PID:7856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
      4⤵
      PID:11032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
      4⤵
      PID:14076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28884.exe
      4⤵
      PID:16168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
      4⤵
      PID:6464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40086.exe
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
        6⤵
        
        PID:17292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
        6⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7229.exe
        6⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        5⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        5⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        5⤵
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7699.exe
        5⤵
        
        PID:16992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41320.exe
      4⤵
      PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
        5⤵
        
        PID:12748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 648
        5⤵
        Program crash
        
        PID:15016
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 680
        5⤵
        Program crash
        
        PID:16900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
      4⤵
      PID:8324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-600.exe
      4⤵
      PID:12484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6639.exe
      4⤵
      PID:16304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1600.exe
    3⤵
    PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
      4⤵
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        5⤵
        
        PID:12768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        5⤵
        
        PID:16152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        5⤵
        
        PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23604.exe
      4⤵
      PID:9220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
      4⤵
      PID:12368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
      4⤵
      PID:16276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5835.exe
      4⤵
      PID:1032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1769.exe
    3⤵
    PID:7512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41115.exe
    3⤵
    PID:10216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
    3⤵
    PID:2332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
    3⤵
    PID:16664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57449.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57449.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26334.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17502.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
        6⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18530.exe
        8⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44482.exe
        9⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6804.exe
        9⤵
        
        PID:15908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
        9⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
        9⤵
        
        PID:17772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23516.exe
        8⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
        8⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
        8⤵
        
        PID:17036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
        7⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55774.exe
        8⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63021.exe
        8⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39772.exe
        8⤵
        
        PID:18024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        7⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
        7⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe
        7⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        6⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
        7⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7320.exe
        7⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
        7⤵
        
        PID:15464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        7⤵
        
        PID:18172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        7⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19556.exe
        6⤵
        
        PID:9132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        6⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        6⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
        6⤵
        
        PID:18192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        6⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17782.exe
        6⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
        6⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        8⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11648.exe
        8⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        8⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        8⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        7⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17018.exe
        8⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42694.exe
        8⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63484.exe
        7⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        7⤵
        
        PID:14644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
        7⤵
        
        PID:17544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28108.exe
        6⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        7⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        7⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        7⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        7⤵
        
        PID:17968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
        6⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10589.exe
        6⤵
        
        PID:17324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        6⤵
        
        PID:16980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        5⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        6⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62534.exe
        7⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54060.exe
        6⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
        6⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31432.exe
        6⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        6⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59645.exe
        6⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
        6⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        6⤵
        
        PID:17916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
        5⤵
        
        PID:8720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13033.exe
        5⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        5⤵
        
        PID:18248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19242.exe
        5⤵
        
        PID:18412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
        6⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        7⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        8⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
        8⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9439.exe
        8⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28926.exe
        8⤵
        
        PID:18192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        7⤵
        
        PID:13092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        7⤵
        
        PID:15460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38884.exe
        7⤵
        
        PID:17616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5893.exe
        7⤵
        
        PID:16724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
        7⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36276.exe
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        7⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        7⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        7⤵
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59348.exe
        6⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        6⤵
        
        PID:12392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
        6⤵
        
        PID:15948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36196.exe
        6⤵
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55633.exe
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        6⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
        7⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        7⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        7⤵
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        7⤵
        
        PID:18220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
        7⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        6⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        6⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        6⤵
        
        PID:15840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40564.exe
        6⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53084.exe
        5⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
        6⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        6⤵
        
        PID:16644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23155.exe
        6⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        6⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51949.exe
        5⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26719.exe
        5⤵
        
        PID:13392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53441.exe
        5⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20885.exe
        5⤵
        
        PID:18044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62788.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        5⤵
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36468.exe
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18862.exe
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
        7⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        7⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
        7⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40080.exe
        6⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16012.exe
        6⤵
        
        PID:11528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
        6⤵
        
        PID:15920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        6⤵
        
        PID:18312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35369.exe
        6⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32192.exe
        5⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        6⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        6⤵
        
        PID:13960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        6⤵
        
        PID:18352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
        5⤵
        
        PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        5⤵
        
        PID:11772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54880.exe
        5⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7608.exe
        5⤵
        
        PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
        5⤵
        
        PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
      4⤵
      PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
        5⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
        6⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61949.exe
        6⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49477.exe
        6⤵
        
        PID:16096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34896.exe
        5⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        5⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32217.exe
        5⤵
        
        PID:15128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58352.exe
        5⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
        5⤵
        
        PID:6456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
      4⤵
      PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34674.exe
        5⤵
        
        PID:9576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62053.exe
        5⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
        5⤵
        
        PID:16876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24008.exe
      4⤵
      PID:9664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
      4⤵
      PID:13404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
      4⤵
      PID:16672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
      4⤵
      PID:17448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42402.exe
      4⤵
      PID:18176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20766.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56474.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        6⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        7⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61970.exe
        8⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3428.exe
        8⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        8⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        8⤵
        
        PID:17980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39660.exe
        7⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8252.exe
        7⤵
        
        PID:16120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17032.exe
        7⤵
        
        PID:17444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        6⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
        7⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        7⤵
        
        PID:16628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23155.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
        7⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33063.exe
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46485.exe
        6⤵
        
        PID:12688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29135.exe
        6⤵
        
        PID:16552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
        6⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        7⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        7⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        7⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        7⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        6⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        6⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5356.exe
        6⤵
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
        5⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        6⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
        6⤵
        
        PID:13164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        6⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        6⤵
        
        PID:6508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54497.exe
        5⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        5⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6824.exe
        5⤵
        
        PID:15836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
        5⤵
        
        PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40692.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5877.exe
        5⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16070.exe
        6⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        6⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39661.exe
        6⤵
        
        PID:14024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
        6⤵
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51757.exe
        5⤵
        
        PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6579.exe
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        5⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        5⤵
        
        PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
        5⤵
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
        5⤵
        
        PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29487.exe
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
        5⤵
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        5⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
        5⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
        5⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        5⤵
        
        PID:18412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5820.exe
      4⤵
      PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
      4⤵
      PID:10128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
      4⤵
      PID:14288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
      4⤵
      PID:4396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39140.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7273.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3137.exe
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44850.exe
        6⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        7⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
        7⤵
        
        PID:14068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56633.exe
        7⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42120.exe
        7⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23604.exe
        6⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
        6⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13104.exe
        6⤵
        
        PID:16592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        6⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe
        6⤵
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15000.exe
        5⤵
        
        PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52629.exe
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5347.exe
        5⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25376.exe
        5⤵
        
        PID:17568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
      4⤵
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52738.exe
        5⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64688.exe
        5⤵
        
        PID:13356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        5⤵
        
        PID:17264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        5⤵
        
        PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
      4⤵
      PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11483.exe
      4⤵
      PID:10708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21676.exe
      4⤵
      PID:14736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
      4⤵
      PID:16868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61218.exe
      4⤵
      PID:17716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9961.exe
      4⤵
      PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        5⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25162.exe
        6⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        6⤵
        
        PID:14016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        6⤵
        
        PID:17024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        5⤵
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
        5⤵
        
        PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
        5⤵
        
        PID:14960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28300.exe
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe
        5⤵
        
        PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39992.exe
        5⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
        5⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        5⤵
        
        PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
      4⤵
      PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
      4⤵
      PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
      4⤵
      PID:15716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
      4⤵
      PID:5836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26687.exe
    3⤵
    PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
        5⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19764.exe
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        5⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        5⤵
        
        PID:228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
      4⤵
      PID:8740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
      4⤵
      PID:13064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32217.exe
      4⤵
      PID:14596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58352.exe
      4⤵
      PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
      4⤵
      PID:3360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
    3⤵
    PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
      4⤵
      PID:8808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
      4⤵
      PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
      4⤵
      PID:15528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
      4⤵
      PID:1152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
    3⤵
    PID:9552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41323.exe
    3⤵
    PID:13324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
    3⤵
    PID:16612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63757.exe
    3⤵
    PID:5568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15979.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        5⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        6⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        7⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        7⤵
        
        PID:15520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26943.exe
        7⤵
        
        PID:17444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
        7⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16681.exe
        7⤵
        
        PID:18160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        6⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51912.exe
        6⤵
        
        PID:12632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
        6⤵
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14844.exe
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
        6⤵
        
        PID:17080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        6⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62420.exe
        5⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5452.exe
        5⤵
        
        PID:12472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4439.exe
        5⤵
        
        PID:16600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
        5⤵
        
        PID:18160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        5⤵
        
        PID:18300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37324.exe
      4⤵
      PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        6⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        6⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        6⤵
        
        PID:18392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3952.exe
        5⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40620.exe
        5⤵
        
        PID:12548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25549.exe
        5⤵
        
        PID:16712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        5⤵
        
        PID:17720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
      4⤵
      PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
      4⤵
      PID:11040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
      4⤵
      PID:13544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
      4⤵
      PID:3188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35618.exe
      4⤵
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28322.exe
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6804.exe
        6⤵
        
        PID:15900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55532.exe
        6⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        6⤵
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40620.exe
        5⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37801.exe
        5⤵
        
        PID:16540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47636.exe
        5⤵
        
        PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
      4⤵
      PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        5⤵
        
        PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64916.exe
      4⤵
      PID:10204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
      4⤵
      PID:13320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
      4⤵
      PID:3156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
    3⤵
    PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
      4⤵
      PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        5⤵
        
        PID:18304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
      4⤵
      PID:8948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39661.exe
      4⤵
      PID:13984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
      4⤵
      PID:220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58409.exe
    3⤵
    PID:7624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22963.exe
    3⤵
    PID:11160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44548.exe
    3⤵
    PID:14748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
    3⤵
    PID:17532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-708.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-708.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35074.exe
        7⤵
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31412.exe
        7⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44615.exe
        7⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        6⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
        6⤵
        
        PID:16880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
        5⤵
        
        PID:7784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
        5⤵
        
        PID:14064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28884.exe
        5⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        5⤵
        
        PID:17492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
      4⤵
      PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        5⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40782.exe
        6⤵
        
        PID:11328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63021.exe
        6⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14883.exe
        6⤵
        
        PID:18236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        6⤵
        
        PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        5⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
        5⤵
        
        PID:14148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        5⤵
        
        PID:15864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
      4⤵
      PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
        5⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        5⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26943.exe
        5⤵
        
        PID:328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        5⤵
        
        PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
      4⤵
      PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
      4⤵
      PID:14332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18796.exe
      4⤵
      PID:16704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14320.exe
      4⤵
      PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63484.exe
        5⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        5⤵
        
        PID:14708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
        5⤵
        
        PID:17552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1491.exe
      4⤵
      PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
      4⤵
      PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
      4⤵
      PID:14676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
      4⤵
      PID:17596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
      4⤵
      PID:6268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53992.exe
    3⤵
    PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
        5⤵
        
        PID:11944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
        5⤵
        
        PID:14176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        5⤵
        
        PID:17424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
      4⤵
      PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38892.exe
      4⤵
      PID:13132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
      4⤵
      PID:15012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
    3⤵
    PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
      4⤵
      PID:11540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16176.exe
      4⤵
      PID:15020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7571.exe
      4⤵
      PID:17740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48699.exe
      4⤵
      PID:544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59620.exe
    3⤵
    PID:9604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45788.exe
    3⤵
    PID:13336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
    3⤵
    PID:16688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60844.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60844.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2628
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 720
    3⤵
    - Program crash
    PID:5044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18130.exe
    3⤵
    PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
      4⤵
      PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40782.exe
        5⤵
        
        PID:12212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63021.exe
        5⤵
        
        PID:15236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        5⤵
        
        PID:18340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
      4⤵
      PID:8428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38892.exe
      4⤵
      PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
      4⤵
      PID:13532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34807.exe
      4⤵
      PID:17908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33944.exe
      4⤵
      PID:17064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
    3⤵
    PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exe
      4⤵
      PID:9424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
      4⤵
      PID:12760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31935.exe
      4⤵
      PID:16568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29021.exe
      4⤵
      PID:5852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
    3⤵
    PID:6116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
    3⤵
    PID:13180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
    3⤵
    PID:15404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
    3⤵
    PID:5412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
  2⤵
  PID:5484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
    3⤵
    PID:7444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24446.exe
      4⤵
      PID:11480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
      4⤵
      PID:15256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
      4⤵
      PID:18276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11648.exe
    3⤵
    PID:11068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
    3⤵
    PID:13932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
    3⤵
    PID:16700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
    3⤵
    PID:6300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
  2⤵
  PID:8084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41364.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41364.exe
  2⤵
  PID:11164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
  2⤵
  PID:14388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe
  2⤵
  PID:17012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55179.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55179.exe
  2⤵
  PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2628 -ip 2628
1⤵
PID:2016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 880 -ip 880
1⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5324 -ip 5324
1⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5172 -ip 5172
1⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5136 -ip 5136
1⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5136 -ip 5136
1⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5172 -ip 5172
1⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6152 -ip 6152
1⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 12260 -ip 12260
1⤵
PID:13588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 12260 -ip 12260
1⤵
PID:14956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 7084 -ip 7084
1⤵
PID:14596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 7084 -ip 7084
1⤵
PID:16840

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Modifies data under HKEY_USERS
PID:3144

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:5996

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:5876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe

Filesize
184KB

MD5
0f5bd0114f7f79e4a24c431c6c57a243

SHA1
df04958d0b25db3cad996859b77d99eee80ec214

SHA256
c4a3f01ca244c80fd5fdf33f384074ab92a428e5181e6cbd5e1c71e9631c668c

SHA512
37cff0bb81d34882ba8f4e0a9b12e4bf5ffa434c10aa5d90a748ed178a66f351acd6d29e79a55e32beec786f0027276e80094d0118a9297cc8830e102d812dda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe

Filesize
184KB

MD5
c3366355779747dea574f10c6a92264c

SHA1
0075084c7d2145fe711bad3181eba2936f9d4e45

SHA256
5cbf59f888778a89d96653ada6990c3038a68f27370449132f8a7d051ea1ca54

SHA512
762dd0757d5b9de97ec7e23f831ed82ac8b7690ed9140be40adffc9418e71265357723dbef63b2cf95f80f476b60685cd7c69cd4726a6c09397e41c241d9a606

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15979.exe

Filesize
184KB

MD5
548ed7ce068228d6eaff02dea4ec03c7

SHA1
7c35870a30cde039f3af503c94932e3c5415ad66

SHA256
6c3d6d73107bd7798a565651968ee4b49b18cf0dfcab70865a90eefbd5f7f96a

SHA512
ffa4c9a4916a55f0b33f1eee3066df78b150620ffebe6ddce586de3d2afc1c58b2d9f8973488b1f67261dc19d35b213eb9800924d3dd782a5889f02bb7c90e21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe

Filesize
184KB

MD5
ae321813fbec45d17fafe740a18222ad

SHA1
87a9b564ced42afc334df0eb7a25d5176a61e8a4

SHA256
91fef540636fadc2fd8a6384fc01788475b6f51fde901a820d95f334d829b34b

SHA512
83f3b98d5fa75c3214ceb9f0a7951a9c48b2180fc159107a586cd9657c65d6aa0b0b330b9747fd696f7af82d9108769e3f966fba013445605d2af9bdd319a495

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17502.exe

Filesize
184KB

MD5
71984571dc77ef58a05c967ee7d35b65

SHA1
15a651408bcd8c63c03f0eef8e4c9cfbfb874476

SHA256
a154c97a13d21febecb2c6f29fba0f928fc16bb4b9893fbe6cdb3c2d77cf764b

SHA512
96c88e69119c988a960ecdc947fc40384f443145d400eb7c930a49c9ce97ebb86c39ce1f6c5cec3378da83d75b8ea1e6d33be4f7c9e1405d12595b1a2131d10c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18056.exe

Filesize
184KB

MD5
dfb558f82848faf49d5bfe8ffe9f2aa4

SHA1
d0c8f35bff5b3f1b2c7fbcb4ca08a09e11c010a3

SHA256
fc87e4e8a254e8abb82ee9f0cc1727cfffc10884c344d3b8796d207535c881b8

SHA512
59536cc87184e9fd266b185b4204f3f36d2b8af8b6d448c87913ca0374cc49fc050f755f2b947fa7566519e175730fa82de560f65566f3e31f5143f97dd8f985

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe

Filesize
184KB

MD5
cbe3f3e5065d51b3d340aab145321ada

SHA1
cb24118c274cb8e9bbfc7241037637f018df1c83

SHA256
2419684cfc4611f0c42228727d3b0c74502a31e77469dd3ea4859e2d2d43755d

SHA512
334606232359ef032f93e6b4509d7d91d25a5d5bdbcc2672cbdf3992c9979661a0332019cf59da963cba94817ae55e1d0bd3c96e134cd5ed50fc6ceebddd78e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20766.exe

Filesize
184KB

MD5
6c775879cf7001a632ff9e80cbd87785

SHA1
30444aaf16f9f998b3fed80ab4339b928016843a

SHA256
18bd680d60d36c68cbfd9e3cb85b26baae93d768ca78755d6d6fc00139858a31

SHA512
427d9d3caa8e33a30493c77da426c1ee34218bed65344ce45a614c8a5994125959c5042689dfec002a634005ae3cdbac0930abd24b59aee1ce8031ca60b974d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe

Filesize
184KB

MD5
1ea300c182eb01e11c8be4a578cccbe0

SHA1
5be5034c6b953ce52d54cd3e71f0d7d2426e677d

SHA256
d9631e8d738f81a3421e6a204fa5fee6ccc457542891e867643cb081f8b7b2cc

SHA512
46f30aea3e306405d1912082a14cf8da56321d2dc86ac9a19391dc6263abb4522f442335aaa1d63aa1597e646d63cc304f8adf0121f8adadaa1a0f991283735c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe

Filesize
184KB

MD5
e44c82bddf0fe897e1906c943a3ecc19

SHA1
b5f37ba6825afbeffa81c5f2d1f4910fa83e500c

SHA256
0dfd5960194fdefdd39dbe61a52f5942b8691fc45186b63387e59ebb23b863b7

SHA512
c96ba49bfe00a03540ed61696f3402b2a5042bbb80abdd5fb2c48381ae082f55aae78f21f166c4721c748a7dc14e0747a4392347c9ba160ed8686c93ae3b54a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26334.exe

Filesize
184KB

MD5
963c6f105011f61c585119356e956d77

SHA1
cdd47849c6543c8694efe9794d3198673cfeca25

SHA256
56b9a7456515f1deb8157ac2431d6b96d4c76971479086ad283c40b49c6fe087

SHA512
84e1a5471a05e40d0ea1c9d6a0be129078e3df1e461b851c0756a67051a8120b106a5de041b7e6bca8ff274e588c7db962379ba49b32dbe80aeac55b109ba041

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe

Filesize
184KB

MD5
21400dad99cf9772b04989a5960decae

SHA1
4975300f579ea00dc9472c9f44d6a0333a68c33e

SHA256
c0f7e8c1ed2bc1ec427bf524cfbf3cd1af4cb298469f6fcbca6a6ed6939ba9a5

SHA512
a7587407e37555726691d5f05f928cd32b353221a0b8c976a1e1d903416669715f7dc7483cbffefdef86c219222751a87b4262805a0f2fd75a961eaf4a6f360f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3343.exe

Filesize
184KB

MD5
4b784cb2d32198459dfafdfeed9bf057

SHA1
196e1494bc9b125c627f790ba6e33eacdf60155d

SHA256
be28c7237295d27550631239c22d89c5da49e6f7d0d347779fa6850e10d5767c

SHA512
02db88bbe237ffe910275bf9afc0f96f2e91c7c96663ac8268dc3e1ae474706d1cbbf6661dbdd169adb7d0fa5785de4d328a38ded464751e658e0b84764917ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe

Filesize
184KB

MD5
da6d0950da412ab628c37a5225cb897a

SHA1
f75d190888fb8849a14d9bb9b6abb496517c1cc2

SHA256
439ef859da2fc7120a931cc20f61b075d2fa8a722f28a4b675066bd389f0cab6

SHA512
9ff5780a3a05ff85f40902f699006f79114d1db08867e823e1d5d5b90960645e301f4d5c6b84dfea9fdb5fb08a3dcdfce441e74c99e78ef6ecc6067b470bdcb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3568.exe

Filesize
184KB

MD5
105738a7efb75b5e61864d9e23218cb8

SHA1
718be3344d9b2e62c5e7aea3ac25ea7ef5e904e3

SHA256
07404537f0e675473a5dfb03198784aa35fb429dafa85d13e85461326c35af49

SHA512
e43d6660d09a66107001ea363737dd45dd479aa030d39b4958e7ba7db107b97dd3d71949264b62cf76ddd995ce15f0f9b61a4ae1f15bbef67c4e83e162e559ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe

Filesize
184KB

MD5
a072a93b00664e38057b909571a884ee

SHA1
6f41c4c748db25677b85d363199d1c2002e56157

SHA256
2c9c64b39bf4b60fc83da8f706d7f1c5da9a0b181ee165c35fdb759a3376b4dc

SHA512
3c564c0cff174b5f074888ef944efafe8f4aa9a876894ff13fb578efc23f7f93eff17e691719de75df889c6bbf751d4554abb46c22629411ce4c031f323cb3f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39140.exe

Filesize
184KB

MD5
4634006e8e07afc76ba6aceb9d72cd4f

SHA1
9a8bd7f187451916fed31ec37bd9acd0171a797b

SHA256
0a5fcf95143d9a7b654b11ba6ce2235e85000480b1ce6267b2501276689bcbf0

SHA512
df182e8c971e93e5e946b411912f17aec879fac2fbfc395f43fd5a7eb4c89f24c7c80cbacbcfa95e72fd213830ed7a5e99c1cb9ed62447170c940fd593cb3ba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe

Filesize
184KB

MD5
e8301e275af0d42a827c68f95c291ee3

SHA1
d8dbe703fde585f61d30db8976c191f67e224b72

SHA256
e54c9520ea7a6c1d8e591b60cae7c73563bf6f989863b1d68cd86c27c0b0f601

SHA512
9cceeee95906a9393ed21252b951ec806dd84ec59a6f9326c117ad6a3d5acec7632e58b87e1fc3a29a32da5803934dfb37a904b2d0f46b4485d8304089adcd93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42146.exe

Filesize
184KB

MD5
0d7c5715dedd197ad4f8537df02e094a

SHA1
8ef8cc0caeec86bb8ab22aac5e15303c37abcacf

SHA256
e334bb64c6e619a5d21751b21fe038594d7e7782901dc216d17ce7c3569b9abe

SHA512
6f8b74aab23791e494f550242cdaea714395cab28f5d41d420f43500edfbd62a87fdc3df32660b049027d670ec5b3eef7cc5eddb0f394f96cc67f379adbe5785

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe

Filesize
184KB

MD5
a259ff23e073711ef1ac8098df4c2627

SHA1
d1662f98291c3ea7f52f4a63f2e332f5a9c12dc4

SHA256
f4679d99e51ceccd722e2edc3efddee65995370dac5b00852d9e9d3ac3e66141

SHA512
eaf7adda9e9ae9680d8cac755622e2e7c27c8406c70996bff663a91e073e9260d7f33577dafc20c6c35d1b32af6d0c24ead3521373594503627c596d027338fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42670.exe

Filesize
184KB

MD5
56dcf6ed21c7c31f5356bd043b70a6b5

SHA1
b63a97e764c8a091633e279907e27a948081ca86

SHA256
836f1931cc6ccd8e26553c1ac7a0c83baea203d0266c4cdd3b1b4cac85e45388

SHA512
04683cc3847a52771803be9762a5f89e1f2a508ffc195c9e8f16771bb3d293cbe829c7a70c2c694a3bf8ec57cd72873e5b173163971149de034b8c643bcd4dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe

Filesize
184KB

MD5
619f50b2c69e4ea56725e50429308b3a

SHA1
86422300fe4064c8fa32ca20257ee13274f098f2

SHA256
5d03499765aba1e286018e71c7240738cad5a687c5ffbb1628ced701c660a842

SHA512
39c3023c2022da00accc6ae813d9ad98d63e8401d9ef3952a650d2ee353676497206718d16069770c46b804919fc5c4153b20a5b2ee403d6b6fb22f8b51058de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe

Filesize
184KB

MD5
881f3fad8c6ea98577b76449781d6b5b

SHA1
aa287eb538afc2b3edeec5035e2aec1b863ca811

SHA256
dd9e8572c99f5060a6595239d80300ea64e1d53d2c7663c3b263f2ae082dad1d

SHA512
f5fea68b318982af3bbf0a1ad074f89ca4ead249354cc570b78ef043a9d3e9ccea816b0041e805f6c54dd570ea251f198b99379c4928eae4f50774962e11de4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe

Filesize
184KB

MD5
16d2044cfc805af7834df8ecf35477fb

SHA1
1a6198931ff387e8821cf285ea2cc0d3304d6860

SHA256
f1eaf480e8fab7685ea9fa6462455743a0fb9ffa501ad84245894a2ffadbe817

SHA512
7374d0ca70a4aa0116e792ea8aaafd8d7393c39c478e0a3c0cf5d7e4d7d642da548478f5c2e4bc20a7ee9cb8703d6fd3c7279bbaf6728e329cbcec7a3ff38a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54450.exe

Filesize
184KB

MD5
7c21cf11f71f1ea0e94fd6abbef05ad3

SHA1
6e7c2480bb6f2f953edb8db78ef1420bd2f262c9

SHA256
bbe1fc086ea0a5cb26b91de577b996e49c3054bda985b730bab88529f8bd98f1

SHA512
5dceebf8b674dc0eab47c273ef588c059cc24c8967f2008030ceecea3dfdbc201f7a9728810746720f975a0b0295cee6a8858b23c996634409db637f9a75ade9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe

Filesize
184KB

MD5
8bce1a9c5423ef00d4b0989b1925b690

SHA1
7ab386b302c27a9ac9a6e75b4c448806fdb608ca

SHA256
b62712685491081feef6d79b9a0c6ed1cbefbb43014bf880b893c39326b7786a

SHA512
7c1ccff17a89d6bc78e4b75b551aa2e523da929c720696447773aacf9484270d52dd89d8982318f6973676005cc4418dd5ca1b45d3474f17a0e5f8de780af8f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe

Filesize
184KB

MD5
148b5ef710804b636cbc8b9f597f8442

SHA1
34b4f87317a9c239f6d413e17786acf312c1f070

SHA256
3117d931e893395a6ebccf7624e9405fb037d6ed69f1d724a212f680ef4988ab

SHA512
a1e6576834ad7751ece7c898bbd82172bb53faf6cc21ed6b6b3ed139132947d3719c331d5fc8bf16e653c24e885a4a52fbaa301d86830f21efc17bb4156d2521

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57449.exe

Filesize
184KB

MD5
d76479dbabef8ac47d3dbb3e5244dc4d

SHA1
8ca4f410dc7d52418a9aec1df52c4d5cb24161bf

SHA256
a66fb666bbc269a7d14cc0812b1ef264c4aba60012c6e71277a19efc756418eb

SHA512
693233ace3abd2d801569f90122a537c22ea43239bbd971ed1ea39e4b7089e8f15b543b8ec4337a86c3fcd19a0d483e9fb13b0d75a964d6ffa2115fe376eba92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60844.exe

Filesize
184KB

MD5
f3990e80b5f51d8eed1ea3cd54730ad3

SHA1
87d9d09fa7635be9ebbf78a13460b24028385940

SHA256
8e1698ddc0edfa53cac8bb594ab304e7afb1d1e1ca1a13a5403c54799f54cdc7

SHA512
1a8c8c45e7346fed8bd73d1d369a46235f549602bd69897925f1e8e273a0ce4688a9df3b2c89cfa3d3eb3e47b0f9386d1e766681e2222ce98ea1b2e909bda809

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63837.exe

Filesize
184KB

MD5
1dc673b8390f8b1286b49cc7dbf16741

SHA1
bbfd2fe010da21b4cba76084de28e1edc60b73f6

SHA256
1ad4387013f794fba537e854bd16dc87d5a3d1c9d37568b1a79027d7c0b7025a

SHA512
2a07bb65061b5b6474c2458679d92f065f8c6368d60753132bda736cb9fecf33354a02ac5ad8a0676ceff0a11b34c26be9141ab605fbaa408b9c196586440e19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64464.exe

Filesize
184KB

MD5
bb4b406d1f9ce4742b934a8c7b90732e

SHA1
6a3962a018bacdd345c74a67c5df381b5f647689

SHA256
df34bb94de6f818bf1de027632ee60571ce1934dbd59aa6fe8e2dfed6f0e3584

SHA512
3d66c4f2ea534cf5706cd4e1dae4e94b0ce7cf91132a6453b86dca49037b14abfb1f0a30ffc8d317c5775eae09ea9471e35a516fa0a8bde358280cefbd8be2c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65477.exe

Filesize
184KB

MD5
0eef91e323a21fb04efc2bde9de43c9f

SHA1
9a0f315f93af07cb90c3bae9e0b91a243dbfa447

SHA256
9a7a42046ae80c89c8b8dbcc283ae78ff587e90c2020365f2c0fd02e55d57c68

SHA512
e2f5f779a5fa17ac4266921ad9f54b146285d4151023c349da227cfc1813b2240d9376e0f8adb9e1bfed4031520d068cf965c6661fae266d57b2b5f064c0d1a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-708.exe

Filesize
184KB

MD5
def3c9ca2fb20267ec053fa6e9f1032e

SHA1
9d40d51da8707e98e0647f1b63bd39fd8db1d7c0

SHA256
298a0b83d7fff209b1f19a41f075df1ef6cdb244182f9d6b43c287c830222507

SHA512
44adcbb62aed65facadcfc1163c39c91efbc59ab2c5161092bcb50065c488bc6be8e43f82e8dec00df91cd2bf32bead11a8a2a20a0986d0674178d06aef0ba6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe

Filesize
184KB

MD5
bd7935c78f8e56b4bb97404dcc269ef9

SHA1
536f3898379c3e80516d3a9d6eeff1f6b2d44d03

SHA256
b68166595ce5844ff1f3647b9f9261e2e8d6ec4cd64988e3ae790b6f5eb34213

SHA512
8f3a307e42eec2ccc5f8ef1e7fea57250a7ffc77d9ce5283dde1089135e04002a871f5f1a7a7311f80b58ef498c85e9a8369be69069f1cf799c79bf2756e6d23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe

Filesize
184KB

MD5
0ce8870bccd68e2e1f0aec84e27a0cac

SHA1
62556fc8219363df015881901e0678c2af900f29

SHA256
b3fea4e4faec089d8b5ef3822f0a4531ad13dafee4193022f7e783ff6a748ff8

SHA512
579519934947796006e26f68380bf53bc9f8c4cfbf746ffd83e91dec11949bfe505fd395a3a6651ebc918da4d4eec74b491a3b3109b3a0e05f62e919060b5ba7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads