d8596e89c4b6193875e99cf98e1d3810d150af8607d0de478d5ce746cdeb4a29

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19736a0b5baba440e30e1a381c102fb0_NeikiAnalytics.exe
Size

184KB
MD5

19736a0b5baba440e30e1a381c102fb0
SHA1

e65cf47af5b612fbed4645264d99901b7c5d5744
SHA256

d8596e89c4b6193875e99cf98e1d3810d150af8607d0de478d5ce746cdeb4a29
SHA512

b6753f905e152b75ce74cdd231981cde80a2c42c58346feaef724270e3032a5b7f9ba45104aa88dac8dfa51d97faaf3ad583c8fdca4b17d54634c0a51279785a
SSDEEP

3072:DgJkmDoR2WQ2dS0zX+rhSWf1LvMqnviuh:DgvomCS0IhJf1LEqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4428	Unicorn-30440.exe
4772	Unicorn-57576.exe
908	Unicorn-37710.exe
3856	Unicorn-48649.exe
3188	Unicorn-42920.exe
4020	Unicorn-23054.exe
4472	Unicorn-20728.exe
5080	Unicorn-42856.exe
3948	Unicorn-39945.exe
1656	Unicorn-20079.exe
2272	Unicorn-34216.exe
3440	Unicorn-14350.exe
1080	Unicorn-56966.exe
4816	Unicorn-9528.exe
2700	Unicorn-15393.exe
2356	Unicorn-23976.exe
2888	Unicorn-27436.exe
4624	Unicorn-28169.exe
3984	Unicorn-45190.exe
400	Unicorn-45190.exe
1260	Unicorn-3534.exe
2540	Unicorn-10026.exe
5068	Unicorn-3896.exe
4844	Unicorn-13487.exe
4592	Unicorn-33353.exe
4920	Unicorn-17269.exe
4108	Unicorn-10986.exe
3460	Unicorn-8142.exe
2560	Unicorn-30976.exe
4780	Unicorn-19077.exe
3232	Unicorn-2282.exe
5096	Unicorn-9391.exe
3624	Unicorn-6890.exe
4392	Unicorn-2510.exe
60	Unicorn-30931.exe
828	Unicorn-47202.exe
3740	Unicorn-13159.exe
3028	Unicorn-46418.exe
5100	Unicorn-1711.exe
3616	Unicorn-13320.exe
3160	Unicorn-11052.exe
620	Unicorn-59179.exe
2080	Unicorn-59179.exe
2468	Unicorn-16393.exe
1984	Unicorn-33414.exe
4324	Unicorn-16969.exe
3100	Unicorn-16969.exe
2304	Unicorn-11623.exe
4828	Unicorn-33414.exe
2004	Unicorn-5926.exe
4268	Unicorn-54799.exe
1560	Unicorn-60528.exe
4456	Unicorn-9302.exe
4064	Unicorn-14856.exe
2472	Unicorn-8726.exe
2776	Unicorn-14591.exe
2952	Unicorn-49198.exe
4616	Unicorn-2997.exe
3192	Unicorn-57929.exe
4536	Unicorn-55085.exe
4076	Unicorn-45711.exe
4792	Unicorn-45711.exe
5104	Unicorn-26421.exe
3908	Unicorn-21874.exe

Program crash 12 IoCs

pid	pid_target	Process	procid_target
6624	4520	WerFault.exe	159
7104	7024	WerFault.exe	289
6352	4520	WerFault.exe	159
10500	9360	WerFault.exe	437
11908	1156	WerFault.exe	175
13508	12520	WerFault.exe	630
13920	1156	WerFault.exe	175
17528	18388	WerFault.exe	919
17736	16760	WerFault.exe	835
14916	6276	Process not Found	241
14736	6536	Process not Found	1049
15352	10568	Process not Found	1348

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 10,1329 50,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1"	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 50,1329 10,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2400	svchost.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	9664	Process not Found
Token: SeChangeNotifyPrivilege	9664	Process not Found
Token: 33	9664	Process not Found
Token: SeIncBasePriorityPrivilege	9664	Process not Found
Token: SeCreateGlobalPrivilege	6880	Process not Found
Token: SeChangeNotifyPrivilege	6880	Process not Found
Token: 33	6880	Process not Found
Token: SeIncBasePriorityPrivilege	6880	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3788	19736a0b5baba440e30e1a381c102fb0_NeikiAnalytics.exe
4428	Unicorn-30440.exe
4772	Unicorn-57576.exe
908	Unicorn-37710.exe
3188	Unicorn-42920.exe
3856	Unicorn-48649.exe
4020	Unicorn-23054.exe
4472	Unicorn-20728.exe
5080	Unicorn-42856.exe
3440	Unicorn-14350.exe
1656	Unicorn-20079.exe
2272	Unicorn-34216.exe
3948	Unicorn-39945.exe
4816	Unicorn-9528.exe
2700	Unicorn-15393.exe
1080	Unicorn-56966.exe
2356	Unicorn-23976.exe
2888	Unicorn-27436.exe
4624	Unicorn-28169.exe
3984	Unicorn-45190.exe
400	Unicorn-45190.exe
2540	Unicorn-10026.exe
2560	Unicorn-30976.exe
5068	Unicorn-3896.exe
4592	Unicorn-33353.exe
4920	Unicorn-17269.exe
1260	Unicorn-3534.exe
4844	Unicorn-13487.exe
4108	Unicorn-10986.exe
3460	Unicorn-8142.exe
3232	Unicorn-2282.exe
3624	Unicorn-6890.exe
5096	Unicorn-9391.exe
4392	Unicorn-2510.exe
60	Unicorn-30931.exe
828	Unicorn-47202.exe
3740	Unicorn-13159.exe
3028	Unicorn-46418.exe
5100	Unicorn-1711.exe
3616	Unicorn-13320.exe
3160	Unicorn-11052.exe
620	Unicorn-59179.exe
2080	Unicorn-59179.exe
2468	Unicorn-16393.exe
4324	Unicorn-16969.exe
1984	Unicorn-33414.exe
3100	Unicorn-16969.exe
1560	Unicorn-60528.exe
4828	Unicorn-33414.exe
2304	Unicorn-11623.exe
2952	Unicorn-49198.exe
4064	Unicorn-14856.exe
2472	Unicorn-8726.exe
2776	Unicorn-14591.exe
2004	Unicorn-5926.exe
4616	Unicorn-2997.exe
4268	Unicorn-54799.exe
4456	Unicorn-9302.exe
3192	Unicorn-57929.exe
4536	Unicorn-55085.exe
4792	Unicorn-45711.exe
4076	Unicorn-45711.exe
3908	Unicorn-21874.exe
5104	Unicorn-26421.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3788 wrote to memory of 4428	3788	19736a0b5baba440e30e1a381c102fb0_NeikiAnalytics.exe	86
PID 3788 wrote to memory of 4428	3788	19736a0b5baba440e30e1a381c102fb0_NeikiAnalytics.exe	86
PID 3788 wrote to memory of 4428	3788	19736a0b5baba440e30e1a381c102fb0_NeikiAnalytics.exe	86
PID 4428 wrote to memory of 4772	4428	Unicorn-30440.exe	91
PID 4428 wrote to memory of 4772	4428	Unicorn-30440.exe	91
PID 4428 wrote to memory of 4772	4428	Unicorn-30440.exe	91
PID 3788 wrote to memory of 908	3788	19736a0b5baba440e30e1a381c102fb0_NeikiAnalytics.exe	92
PID 3788 wrote to memory of 908	3788	19736a0b5baba440e30e1a381c102fb0_NeikiAnalytics.exe	92
PID 3788 wrote to memory of 908	3788	19736a0b5baba440e30e1a381c102fb0_NeikiAnalytics.exe	92
PID 4772 wrote to memory of 3856	4772	Unicorn-57576.exe	94
PID 4772 wrote to memory of 3856	4772	Unicorn-57576.exe	94
PID 4772 wrote to memory of 3856	4772	Unicorn-57576.exe	94
PID 908 wrote to memory of 3188	908	Unicorn-37710.exe	95
PID 908 wrote to memory of 3188	908	Unicorn-37710.exe	95
PID 908 wrote to memory of 3188	908	Unicorn-37710.exe	95
PID 4428 wrote to memory of 4020	4428	Unicorn-30440.exe	96
PID 4428 wrote to memory of 4020	4428	Unicorn-30440.exe	96
PID 4428 wrote to memory of 4020	4428	Unicorn-30440.exe	96
PID 3788 wrote to memory of 4472	3788	19736a0b5baba440e30e1a381c102fb0_NeikiAnalytics.exe	97
PID 3788 wrote to memory of 4472	3788	19736a0b5baba440e30e1a381c102fb0_NeikiAnalytics.exe	97
PID 3788 wrote to memory of 4472	3788	19736a0b5baba440e30e1a381c102fb0_NeikiAnalytics.exe	97
PID 3188 wrote to memory of 5080	3188	Unicorn-42920.exe	100
PID 3188 wrote to memory of 5080	3188	Unicorn-42920.exe	100
PID 3188 wrote to memory of 5080	3188	Unicorn-42920.exe	100
PID 3856 wrote to memory of 3948	3856	Unicorn-48649.exe	101
PID 3856 wrote to memory of 3948	3856	Unicorn-48649.exe	101
PID 3856 wrote to memory of 3948	3856	Unicorn-48649.exe	101
PID 908 wrote to memory of 1656	908	Unicorn-37710.exe	102
PID 908 wrote to memory of 1656	908	Unicorn-37710.exe	102
PID 908 wrote to memory of 1656	908	Unicorn-37710.exe	102
PID 4020 wrote to memory of 2272	4020	Unicorn-23054.exe	103
PID 4020 wrote to memory of 2272	4020	Unicorn-23054.exe	103
PID 4020 wrote to memory of 2272	4020	Unicorn-23054.exe	103
PID 4772 wrote to memory of 3440	4772	Unicorn-57576.exe	104
PID 4772 wrote to memory of 3440	4772	Unicorn-57576.exe	104
PID 4772 wrote to memory of 3440	4772	Unicorn-57576.exe	104
PID 4472 wrote to memory of 1080	4472	Unicorn-20728.exe	105
PID 4472 wrote to memory of 1080	4472	Unicorn-20728.exe	105
PID 4472 wrote to memory of 1080	4472	Unicorn-20728.exe	105
PID 4428 wrote to memory of 4816	4428	Unicorn-30440.exe	106
PID 4428 wrote to memory of 4816	4428	Unicorn-30440.exe	106
PID 4428 wrote to memory of 4816	4428	Unicorn-30440.exe	106
PID 3788 wrote to memory of 2700	3788	19736a0b5baba440e30e1a381c102fb0_NeikiAnalytics.exe	107
PID 3788 wrote to memory of 2700	3788	19736a0b5baba440e30e1a381c102fb0_NeikiAnalytics.exe	107
PID 3788 wrote to memory of 2700	3788	19736a0b5baba440e30e1a381c102fb0_NeikiAnalytics.exe	107
PID 5080 wrote to memory of 2356	5080	Unicorn-42856.exe	108
PID 5080 wrote to memory of 2356	5080	Unicorn-42856.exe	108
PID 5080 wrote to memory of 2356	5080	Unicorn-42856.exe	108
PID 3188 wrote to memory of 2888	3188	Unicorn-42920.exe	109
PID 3188 wrote to memory of 2888	3188	Unicorn-42920.exe	109
PID 3188 wrote to memory of 2888	3188	Unicorn-42920.exe	109
PID 1656 wrote to memory of 4624	1656	Unicorn-20079.exe	110
PID 1656 wrote to memory of 4624	1656	Unicorn-20079.exe	110
PID 1656 wrote to memory of 4624	1656	Unicorn-20079.exe	110
PID 3440 wrote to memory of 3984	3440	Unicorn-14350.exe	112
PID 2272 wrote to memory of 400	2272	Unicorn-34216.exe	111
PID 3440 wrote to memory of 3984	3440	Unicorn-14350.exe	112
PID 2272 wrote to memory of 400	2272	Unicorn-34216.exe	111
PID 3440 wrote to memory of 3984	3440	Unicorn-14350.exe	112
PID 2272 wrote to memory of 400	2272	Unicorn-34216.exe	111
PID 4020 wrote to memory of 1260	4020	Unicorn-23054.exe	113
PID 4020 wrote to memory of 1260	4020	Unicorn-23054.exe	113
PID 4020 wrote to memory of 1260	4020	Unicorn-23054.exe	113
PID 4772 wrote to memory of 5068	4772	Unicorn-57576.exe	115

C:\Users\Admin\AppData\Local\Temp\19736a0b5baba440e30e1a381c102fb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\19736a0b5baba440e30e1a381c102fb0_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48649.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39945.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10026.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33414.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24207.exe
        8⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27439.exe
        9⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        9⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        9⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16907.exe
        8⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
        9⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10504.exe
        9⤵
        
        PID:17452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
        9⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17118.exe
        9⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65242.exe
        8⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        8⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        8⤵
        
        PID:18364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        8⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
        8⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49676.exe
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        8⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        9⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe
        9⤵
        
        PID:17332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        9⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
        8⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        8⤵
        
        PID:15260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
        7⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54400.exe
        7⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
        7⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
        7⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
        7⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56741.exe
        8⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        9⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        9⤵
        
        PID:16228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21695.exe
        9⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5785.exe
        8⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49862.exe
        8⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        8⤵
        
        PID:18424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27666.exe
        8⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        7⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33740.exe
        8⤵
        
        PID:17920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        7⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
        7⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
        7⤵
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        8⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
        8⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        8⤵
        
        PID:17844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52342.exe
        7⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23964.exe
        7⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        7⤵
        
        PID:17484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
        7⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37468.exe
        6⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        7⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
        7⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
        7⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2751.exe
        6⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53929.exe
        6⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6484.exe
        6⤵
        
        PID:18380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16420.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38438.exe
        6⤵
        
        PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16969.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61861.exe
        7⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32613.exe
        8⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        9⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        10⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38770.exe
        10⤵
        
        PID:16088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10226.exe
        10⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57762.exe
        10⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
        9⤵
        
        PID:12656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21170.exe
        9⤵
        
        PID:16572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9736.exe
        8⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60531.exe
        8⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49670.exe
        8⤵
        
        PID:16756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42377.exe
        8⤵
        
        PID:17844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        7⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
        8⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        8⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        7⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
        7⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        7⤵
        
        PID:17672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11378.exe
        6⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        7⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        7⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52057.exe
        7⤵
        
        PID:18016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
        7⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55322.exe
        6⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        6⤵
        
        PID:11080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
        6⤵
        
        PID:16104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56990.exe
        6⤵
        
        PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8726.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37899.exe
        6⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
        7⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45001.exe
        7⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46045.exe
        7⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55241.exe
        7⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38429.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
        6⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24895.exe
        6⤵
        
        PID:16348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51163.exe
        6⤵
        
        PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
        6⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18661.exe
        7⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
        7⤵
        
        PID:15848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60191.exe
        7⤵
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51382.exe
        6⤵
        
        PID:9428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        6⤵
        
        PID:17464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
        6⤵
        
        PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        5⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12820.exe
        5⤵
        
        PID:11160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
        5⤵
        
        PID:14996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
        5⤵
        
        PID:18244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        7⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
        9⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        10⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        10⤵
        
        PID:16188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        9⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34482.exe
        9⤵
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
        8⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        8⤵
        
        PID:12896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
        8⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        8⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        8⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        8⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        8⤵
        
        PID:16848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        7⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29318.exe
        7⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11583.exe
        7⤵
        
        PID:16544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        7⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21896.exe
        6⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13966.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53772.exe
        8⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62707.exe
        8⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
        8⤵
        
        PID:15444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35225.exe
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63194.exe
        7⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
        7⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        7⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
        6⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16802.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        7⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        7⤵
        
        PID:16780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
        6⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
        7⤵
        
        PID:15572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
        7⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        6⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59052.exe
        6⤵
        
        PID:16540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1711.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23397.exe
        6⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4833.exe
        7⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        8⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        8⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        8⤵
        
        PID:15188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22194.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
        8⤵
        
        PID:15564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44061.exe
        7⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32668.exe
        7⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49058.exe
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56374.exe
        7⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22127.exe
        7⤵
        
        PID:18256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56777.exe
        7⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-540.exe
        6⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29830.exe
        6⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14892.exe
        6⤵
        
        PID:17456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        5⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4833.exe
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        7⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        8⤵
        
        PID:16584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        8⤵
        
        PID:18352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        7⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34482.exe
        7⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
        6⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        6⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
        6⤵
        
        PID:16856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-389.exe
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23269.exe
        6⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        6⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        6⤵
        
        PID:17736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        5⤵
        
        PID:9756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20882.exe
        5⤵
        
        PID:13628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
        5⤵
        
        PID:17444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56990.exe
        5⤵
        
        PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3896.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
        5⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64869.exe
        6⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35173.exe
        7⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        7⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34482.exe
        7⤵
        
        PID:14908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60035.exe
        7⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56777.exe
        7⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56268.exe
        6⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
        6⤵
        
        PID:11864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
        6⤵
        
        PID:15996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7426.exe
        6⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41134.exe
        6⤵
        
        PID:7544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14556.exe
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
        6⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49459.exe
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        6⤵
        
        PID:15952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
        6⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19522.exe
        5⤵
        
        PID:11192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9320.exe
        5⤵
        
        PID:16284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49962.exe
      4⤵
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20194.exe
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        6⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57200.exe
        6⤵
        
        PID:11392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
        6⤵
        
        PID:15512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
        6⤵
        
        PID:18424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
        6⤵
        
        PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        5⤵
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        5⤵
        
        PID:11280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
        5⤵
        
        PID:14892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        5⤵
        
        PID:6476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
      4⤵
      PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53989.exe
        5⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
        5⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
        5⤵
        
        PID:16564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
        5⤵
        
        PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
      4⤵
      PID:7204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
      4⤵
      PID:13052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
      4⤵
      PID:16788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23054.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33423.exe
        7⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
        9⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        9⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
        9⤵
        
        PID:16504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12168.exe
        8⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        8⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
        8⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
        7⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
        8⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        8⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
        8⤵
        
        PID:16480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        7⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        7⤵
        
        PID:13680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        7⤵
        
        PID:18320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39835.exe
        7⤵
        
        PID:18344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34418.exe
        6⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
        7⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
        8⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62089.exe
        8⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12850.exe
        8⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
        8⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
        7⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 744
        7⤵
        Program crash
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 760
        7⤵
        Program crash
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6812.exe
        6⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
        7⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
        7⤵
        
        PID:13864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        7⤵
        
        PID:17620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        6⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-767.exe
        6⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        6⤵
        
        PID:16536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        6⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35106.exe
        8⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        9⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26610.exe
        9⤵
        
        PID:18348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62707.exe
        8⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
        8⤵
        
        PID:15428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
        8⤵
        
        PID:17688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63881.exe
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19250.exe
        7⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
        7⤵
        
        PID:15936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
        6⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16802.exe
        7⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        7⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        7⤵
        
        PID:16872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        7⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe
        6⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2395.exe
        6⤵
        
        PID:12512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11583.exe
        6⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38705.exe
        6⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        5⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21004.exe
        6⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27765.exe
        7⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
        7⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
        7⤵
        
        PID:15756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
        6⤵
        
        PID:11596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        6⤵
        
        PID:15776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63411.exe
        6⤵
        
        PID:12444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
        6⤵
        
        PID:17916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
        6⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        5⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        6⤵
        
        PID:16232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2613.exe
        6⤵
        
        PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
        5⤵
        
        PID:13168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41535.exe
        5⤵
        
        PID:16776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
        5⤵
        
        PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3534.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11623.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
        6⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        7⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64755.exe
        8⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        8⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        8⤵
        
        PID:18304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36367.exe
        8⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61363.exe
        8⤵
        
        PID:15912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
        7⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18629.exe
        7⤵
        
        PID:17224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        7⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
        7⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        7⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
        7⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64432.exe
        6⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        6⤵
        
        PID:13796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        6⤵
        
        PID:17660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18444.exe
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
        7⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        7⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        7⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62259.exe
        6⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42908.exe
        6⤵
        
        PID:14564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        6⤵
        
        PID:18312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe
        6⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
        5⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57573.exe
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
        6⤵
        
        PID:13232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
        6⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
        5⤵
        
        PID:9704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
        5⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2235.exe
        5⤵
        
        PID:1768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2997.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
        6⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 468
        7⤵
        Program crash
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37707.exe
        6⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9360 -s 468
        7⤵
        Program crash
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62067.exe
        6⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12520 -s 468
        7⤵
        Program crash
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53465.exe
        6⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
        6⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
        5⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11278.exe
        6⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
        6⤵
        
        PID:13128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
        6⤵
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        6⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        5⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34242.exe
        5⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
        5⤵
        
        PID:18204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
      4⤵
      PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60623.exe
        5⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
        6⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11765.exe
        6⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54771.exe
        6⤵
        
        PID:17652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
        6⤵
        
        PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38682.exe
        5⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63708.exe
        5⤵
        
        PID:17848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
        5⤵
        
        PID:7828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
      4⤵
      PID:7760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8619.exe
      4⤵
      PID:10920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
      4⤵
      PID:15120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5946.exe
      4⤵
      PID:17992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44780.exe
      4⤵
      PID:18336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9391.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45711.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6350.exe
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
        8⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
        8⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63820.exe
        7⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        7⤵
        
        PID:14440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
        6⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        6⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
        6⤵
        
        PID:16800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
        6⤵
        
        PID:17616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56908.exe
        6⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27749.exe
        7⤵
        
        PID:15720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        7⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        6⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        6⤵
        
        PID:15172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35612.exe
        6⤵
        
        PID:17760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
        5⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64601.exe
        5⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45741.exe
        5⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13560.exe
        5⤵
        
        PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21874.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6350.exe
        5⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        6⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5785.exe
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49862.exe
        6⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        6⤵
        
        PID:18376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        5⤵
        
        PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20955.exe
        5⤵
        
        PID:11260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54080.exe
        5⤵
        
        PID:15256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51480.exe
        5⤵
        
        PID:7192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32710.exe
      4⤵
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        5⤵
        
        PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45001.exe
        5⤵
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46045.exe
        5⤵
        
        PID:15384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
        5⤵
        
        PID:16504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        5⤵
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34668.exe
      4⤵
      PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
      4⤵
      PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48319.exe
      4⤵
      PID:14788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        5⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17800.exe
        6⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16949.exe
        7⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45085.exe
        6⤵
        
        PID:11088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exe
        6⤵
        
        PID:15500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        6⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
        5⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25010.exe
        6⤵
        
        PID:11148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11228.exe
        6⤵
        
        PID:17288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        6⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        5⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18200.exe
        5⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19327.exe
        5⤵
        
        PID:18252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
        5⤵
        
        PID:1172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
        5⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
        6⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        6⤵
        
        PID:14592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        6⤵
        
        PID:18296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40924.exe
        5⤵
        
        PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
        5⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23659.exe
        5⤵
        
        PID:16728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44784.exe
      4⤵
      PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43080.exe
        5⤵
        
        PID:15800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60191.exe
        5⤵
        
        PID:7868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64774.exe
      4⤵
      PID:10688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38275.exe
      4⤵
      PID:14360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56726.exe
      4⤵
      PID:17904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5926.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13454.exe
      4⤵
      PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24131.exe
        6⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
        6⤵
        
        PID:18280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5785.exe
        5⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49862.exe
        5⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        5⤵
        
        PID:18360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
        5⤵
        
        PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
      4⤵
      PID:7840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
      4⤵
      PID:11236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
      4⤵
      PID:15216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
      4⤵
      PID:17940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7025.exe
      4⤵
      PID:17764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35819.exe
    3⤵
    PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
      4⤵
      PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
      4⤵
      PID:11200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
      4⤵
      PID:15296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45613.exe
      4⤵
      PID:18168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27797.exe
    3⤵
    PID:7364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
      4⤵
      PID:14168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
      4⤵
      PID:17944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45751.exe
    3⤵
    PID:9928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16547.exe
    3⤵
    PID:14164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
    3⤵
    PID:18076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37710.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37710.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42920.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42856.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23976.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2282.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe
        8⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18379.exe
        9⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12018.exe
        9⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4229.exe
        9⤵
        
        PID:14460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
        9⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35573.exe
        8⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
        8⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
        8⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54080.exe
        8⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
        8⤵
        
        PID:18376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56630.exe
        7⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
        8⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        8⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        8⤵
        
        PID:16820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe
        7⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        8⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        8⤵
        
        PID:18128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58009.exe
        7⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        7⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57750.exe
        7⤵
        
        PID:17908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55085.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20492.exe
        7⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
        8⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-779.exe
        9⤵
        
        PID:15692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
        9⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        8⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
        8⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53016.exe
        8⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25547.exe
        7⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
        8⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
        8⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        8⤵
        
        PID:16612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17118.exe
        8⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46083.exe
        7⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12671.exe
        7⤵
        
        PID:17412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44403.exe
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46434.exe
        8⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18568.exe
        8⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        8⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50697.exe
        7⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
        7⤵
        
        PID:13724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
        7⤵
        
        PID:17680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47561.exe
        7⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        6⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        7⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24131.exe
        7⤵
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        7⤵
        
        PID:18344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
        6⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
        6⤵
        
        PID:13820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52501.exe
        6⤵
        
        PID:17608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36062.exe
        6⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2510.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        6⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        7⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
        8⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        8⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        8⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13668.exe
        8⤵
        
        PID:18208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
        8⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        7⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
        7⤵
        
        PID:14876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7691.exe
        7⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        8⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        8⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45613.exe
        8⤵
        
        PID:18188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43977.exe
        7⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
        7⤵
        
        PID:13620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        7⤵
        
        PID:17472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6886.exe
        7⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49066.exe
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        6⤵
        
        PID:15872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5533.exe
        6⤵
        
        PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24946.exe
        5⤵
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        7⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        7⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42907.exe
        7⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
        6⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45850.exe
        6⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42563.exe
        6⤵
        
        PID:17104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        6⤵
        
        PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39171.exe
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58511.exe
        6⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        7⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
        7⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45613.exe
        7⤵
        
        PID:17964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50697.exe
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
        6⤵
        
        PID:13568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        6⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27266.exe
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
        6⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43641.exe
        6⤵
        
        PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        5⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
        5⤵
        
        PID:13412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21754.exe
        5⤵
        
        PID:18216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27436.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6890.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45711.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        7⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
        8⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        9⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        9⤵
        
        PID:16204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45017.exe
        9⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        8⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42908.exe
        8⤵
        
        PID:14508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        8⤵
        
        PID:18228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        7⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
        8⤵
        
        PID:11872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        8⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
        7⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61101.exe
        7⤵
        
        PID:14032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
        7⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        7⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        7⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43187.exe
        7⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55322.exe
        6⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        6⤵
        
        PID:10792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        6⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
        6⤵
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
        6⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35023.exe
        7⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61171.exe
        7⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27036.exe
        7⤵
        
        PID:16596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16111.exe
        6⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exe
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32575.exe
        6⤵
        
        PID:15988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63347.exe
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33637.exe
        6⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        6⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        6⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        6⤵
        
        PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe
        5⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
        5⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        5⤵
        
        PID:15960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        5⤵
        
        PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:60
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-75.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-75.exe
        5⤵
        
        PID:4520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 720
        6⤵
        Program crash
        
        PID:6624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 740
        6⤵
        Program crash
        
        PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
        5⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50466.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        6⤵
        
        PID:15028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
        5⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
        5⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        5⤵
        
        PID:16732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
      4⤵
      PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
        6⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        6⤵
        
        PID:14600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        6⤵
        
        PID:18408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58163.exe
        5⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
        5⤵
        
        PID:408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
        5⤵
        
        PID:18024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64195.exe
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
        5⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
        5⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        5⤵
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
        5⤵
        
        PID:16496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1877.exe
      4⤵
      PID:8416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16980.exe
      4⤵
      PID:12048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
      4⤵
      PID:15972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
      4⤵
      PID:17704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28169.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        6⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26338.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
        8⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        8⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        8⤵
        
        PID:16864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57289.exe
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45850.exe
        7⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42563.exe
        7⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
        7⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45166.exe
        7⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4936.exe
        6⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
        7⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
        7⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49136.exe
        7⤵
        
        PID:16080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
        7⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        6⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        6⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9964.exe
        6⤵
        
        PID:17236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
        6⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40562.exe
        5⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11470.exe
        6⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16741.exe
        7⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        8⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
        8⤵
        
        PID:14932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        8⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        7⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
        7⤵
        
        PID:15420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
        7⤵
        
        PID:18172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        7⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        6⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42650.exe
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56454.exe
        6⤵
        
        PID:14840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        6⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35023.exe
        6⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61171.exe
        6⤵
        
        PID:12676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        6⤵
        
        PID:16668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
        6⤵
        
        PID:16760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
        5⤵
        
        PID:9020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29823.exe
        5⤵
        
        PID:12000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29800.exe
        5⤵
        
        PID:16040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        5⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50085.exe
        6⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
        7⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
        7⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
        7⤵
        
        PID:17932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33160.exe
        7⤵
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
        6⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32601.exe
        6⤵
        
        PID:12468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
        6⤵
        
        PID:16604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        6⤵
        
        PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
        5⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18447.exe
        6⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        6⤵
        
        PID:12992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46874.exe
        6⤵
        
        PID:16948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
        6⤵
        
        PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22213.exe
        5⤵
        
        PID:13060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
        5⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35633.exe
        5⤵
        
        PID:18036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
      4⤵
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4833.exe
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
        6⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
        6⤵
        
        PID:12184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        6⤵
        
        PID:13732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        5⤵
        
        PID:8500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
        5⤵
        
        PID:10544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20165.exe
        5⤵
        
        PID:16496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        5⤵
        
        PID:6756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
      4⤵
      PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59426.exe
        5⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29259.exe
        5⤵
        
        PID:18116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43346.exe
      4⤵
      PID:11136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20027.exe
      4⤵
      PID:15208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17269.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
        5⤵
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50085.exe
        6⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
        7⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59635.exe
        7⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        7⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        6⤵
        
        PID:12912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
        6⤵
        
        PID:16840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39217.exe
        6⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40328.exe
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        6⤵
        
        PID:17604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63055.exe
        6⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18972.exe
        5⤵
        
        PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        5⤵
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
        5⤵
        
        PID:18388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18388 -s 80
        6⤵
        Program crash
        
        PID:17528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31286.exe
        5⤵
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
        5⤵
        
        PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
      4⤵
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21004.exe
        5⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        6⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11531.exe
        6⤵
        
        PID:15836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41882.exe
        6⤵
        
        PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23452.exe
        5⤵
        
        PID:12452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
        5⤵
        
        PID:16532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
        5⤵
        
        PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
      4⤵
      PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        5⤵
        
        PID:10884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        5⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25618.exe
        5⤵
        
        PID:17940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
      4⤵
      PID:9316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3756.exe
      4⤵
      PID:13216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
      4⤵
      PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
      4⤵
      PID:6244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
      4⤵
      PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        5⤵
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        5⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34482.exe
        5⤵
        
        PID:14204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        5⤵
        
        PID:16996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
      4⤵
      PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55338.exe
      4⤵
      PID:12792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
      4⤵
      PID:16760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16760 -s 464
        5⤵
        Program crash
        
        PID:17736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
    3⤵
    PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
      4⤵
      PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12076.exe
      4⤵
      PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10325.exe
      4⤵
      PID:16648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
    3⤵
    PID:6412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42303.exe
    3⤵
    PID:10160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54071.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54071.exe
    3⤵
    PID:13424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
    3⤵
    PID:18236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35697.exe
    3⤵
    PID:1004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20728.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20728.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10986.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33414.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4964.exe
        6⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        7⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64755.exe
        8⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3650.exe
        8⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        8⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        8⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
        7⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
        7⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        7⤵
        
        PID:17436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
        7⤵
        
        PID:16728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43677.exe
        6⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20955.exe
        6⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54080.exe
        6⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55771.exe
        6⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13490.exe
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        6⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1828.exe
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        7⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12850.exe
        7⤵
        
        PID:16828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        7⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53680.exe
        6⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        6⤵
        
        PID:14144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-108.exe
        6⤵
        
        PID:17976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        5⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31708.exe
        5⤵
        
        PID:9908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        5⤵
        
        PID:15240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
      4⤵
      PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4833.exe
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27765.exe
        6⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
        6⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
        6⤵
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
        5⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        5⤵
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
        5⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39835.exe
        5⤵
        
        PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56476.exe
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
        5⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62326.exe
        5⤵
        
        PID:17972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13439.exe
        5⤵
        
        PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
      4⤵
      PID:9640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
      4⤵
      PID:13560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
      4⤵
      PID:17424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63369.exe
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        6⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        6⤵
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34482.exe
        6⤵
        
        PID:14864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        6⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
        5⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
        5⤵
        
        PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
        5⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
        5⤵
        
        PID:16832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41995.exe
      4⤵
      PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
        5⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
        6⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        6⤵
        
        PID:12572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24562.exe
        6⤵
        
        PID:17064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17118.exe
        6⤵
        
        PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50697.exe
        5⤵
        
        PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
        5⤵
        
        PID:13744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        5⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
        5⤵
        
        PID:5576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22962.exe
      4⤵
      PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        5⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        5⤵
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7574.exe
        5⤵
        
        PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9880.exe
      4⤵
      PID:9388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
      4⤵
      PID:14180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
      4⤵
      PID:16368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5533.exe
      4⤵
      PID:220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34316.exe
      4⤵
      PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12004.exe
        6⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18866.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
        6⤵
        
        PID:16524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51737.exe
        6⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
        5⤵
        
        PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63536.exe
        5⤵
        
        PID:13396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        5⤵
        
        PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45683.exe
      4⤵
      PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
        5⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64652.exe
        5⤵
        
        PID:17132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        5⤵
        
        PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45085.exe
      4⤵
      PID:11112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exe
      4⤵
      PID:15604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
      4⤵
      PID:18004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
    3⤵
    PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
      4⤵
      PID:7032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
      4⤵
      PID:10068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
      4⤵
      PID:14288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57564.exe
      4⤵
      PID:18164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
      4⤵
      PID:3652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41984.exe
    3⤵
    PID:7684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48357.exe
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
      4⤵
      PID:13988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11439.exe
      4⤵
      PID:17752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
      4⤵
      PID:7376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64275.exe
    3⤵
    PID:10080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
    3⤵
    PID:13500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55610.exe
    3⤵
    PID:17732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15393.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15393.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33353.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
        5⤵
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22261.exe
        6⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33030.exe
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
        6⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45912.exe
        6⤵
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        5⤵
        
        PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
        5⤵
        
        PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        5⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
        5⤵
        
        PID:7320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
      4⤵
      PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
        5⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65356.exe
        6⤵
        
        PID:15596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
        5⤵
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        5⤵
        
        PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60061.exe
      4⤵
      PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        5⤵
        
        PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
      4⤵
      PID:9748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
      4⤵
      PID:13660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35435.exe
      4⤵
      PID:17696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54799.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
      4⤵
      PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        5⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        6⤵
        
        PID:12200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
        6⤵
        
        PID:16252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        6⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        5⤵
        
        PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exe
        5⤵
        
        PID:15376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
      4⤵
      PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        5⤵
        
        PID:12192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
        5⤵
        
        PID:16264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24751.exe
        5⤵
        
        PID:18372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54690.exe
        5⤵
        
        PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
      4⤵
      PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
      4⤵
      PID:14988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
      4⤵
      PID:18272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58227.exe
    3⤵
    PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
      4⤵
      PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10507.exe
        5⤵
        
        PID:16452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
      4⤵
      PID:9560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62429.exe
      4⤵
      PID:12460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45251.exe
      4⤵
      PID:3324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61187.exe
    3⤵
    PID:7900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
    3⤵
    PID:11060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15147.exe
    3⤵
    PID:14868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
    3⤵
    PID:8012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19077.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19077.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16969.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
      4⤵
      PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35023.exe
        5⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
        5⤵
        
        PID:13224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
        5⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
        5⤵
        
        PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63859.exe
      4⤵
      PID:8520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exe
      4⤵
      PID:12072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32575.exe
      4⤵
      PID:15928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41995.exe
    3⤵
    PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
      4⤵
      PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
        5⤵
        
        PID:10872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16949.exe
        5⤵
        
        PID:15232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44400.exe
      4⤵
      PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
      4⤵
      PID:15248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45613.exe
      4⤵
      PID:18348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57593.exe
      4⤵
      PID:4416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2137.exe
    3⤵
    PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17295.exe
      4⤵
      PID:12556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64652.exe
      4⤵
      PID:17072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36656.exe
      4⤵
      PID:5336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
    3⤵
    PID:9352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4927.exe
    3⤵
    PID:13860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4904.exe
    3⤵
    PID:17492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
    3⤵
    PID:17596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49198.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49198.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
    3⤵
    PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12065.exe
      4⤵
      PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6222.exe
        5⤵
        
        PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33483.exe
        5⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56777.exe
        5⤵
        
        PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
      4⤵
      PID:9332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
      4⤵
      PID:12300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
      4⤵
      PID:16984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2278.exe
      4⤵
      PID:6332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
    3⤵
    PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
      4⤵
      PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
      4⤵
      PID:12012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
      4⤵
      PID:17404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
      4⤵
      PID:5260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57437.exe
    3⤵
    PID:9816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
    3⤵
    PID:13780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
    3⤵
    PID:17632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
  2⤵
  PID:5516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
    3⤵
    PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
      4⤵
      PID:11820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
      4⤵
      PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21695.exe
      4⤵
      PID:16508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5785.exe
    3⤵
    PID:10784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40796.exe
    3⤵
    PID:14536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
    3⤵
    PID:18244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe
    3⤵
    PID:4084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
  2⤵
  PID:7384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
    3⤵
    PID:10876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
    3⤵
    PID:15096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62634.exe
    3⤵
    PID:18332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36941.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36941.exe
  2⤵
  PID:9520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
  2⤵
  PID:13924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2675.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2675.exe
  2⤵
  PID:17856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4520 -ip 4520
1⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 7024 -ip 7024
1⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4520 -ip 4520
1⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 9360 -ip 9360
1⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1156 -ip 1156
1⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 12520 -ip 12520
1⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1156 -ip 1156
1⤵
PID:14032

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Modifies data under HKEY_USERS
PID:4908

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Modifies data under HKEY_USERS
PID:18344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
- Suspicious behavior: AddClipboardFormatListener
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10026.exe

Filesize
184KB

MD5
753e25d93f9fe1206ed739a0595f4bbf

SHA1
1138b7d52a6438c0d46e8cb8d6e84b06b01a744e

SHA256
73a7fe3e654e765dadc2fb4b683d2a6091b12facedf7eec4949ba079d53c1a73

SHA512
8b76a2898c81d1e7f6e8bff89d0d45bf5e8ac27a3891597bfdb486bb747ae30af6cd48eb786347d9b2d771bd871b8b105eb7d1560d4c4ab3176cdd45aae5bd8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10986.exe

Filesize
184KB

MD5
f5c19bd3d2a9c8b58ad88089e3e2bc86

SHA1
f7a98152e6a75cd8828718a848afd5f4e001ff82

SHA256
bd584c0e99f8e4f9f777bac91914a95897088f36ec67f90c05e6eca9c739e108

SHA512
65de82d52dd78627549b3d14f838847bbeac0aebe39b5bf1d9d96af96989b9ee0d949052b7698eefdd1ce4bf37a023239f943ff14a3f04269d66f711f09c6923

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe

Filesize
184KB

MD5
68720f4a01653476291bc0d88e950ba6

SHA1
79414b475e550c2c24d60b8ecdfdbb4dfba5e6fa

SHA256
d056772fbf9498ca3926eaf57710eac07c743f0f1ae28fc07ebf77b3d4beca20

SHA512
021db1152c35279f33d3f63b9dbf4e9f3a3e4fc63dd46c580b2eca6c81f4d88e6b7910be0b9c3ca49c2413746574d6a1f1dbf9984b015aa07f730065b830322a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe

Filesize
184KB

MD5
be3364cb203930107835f1dd17d99cdb

SHA1
a62f82e3c9fee083adae4e57c2c8083f7a64ad6c

SHA256
b2e2dfe43f673007a5300aeaa48dc0b98390c46e70fee4a6fd23b0318d7e61ad

SHA512
d0fa54ca11c1efcb3ad550788a64a8b2af1a6d5c9d862a58270c2f0f59266c903143a2d28fb5d6f398206e04b960eb3d4fcf81685f445189bfcadcc22e20f7c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15393.exe

Filesize
184KB

MD5
79c9746a73e4e68d014583d6bcea4635

SHA1
1a1a98fa87da01c818dc872bf0cff2efa795afa8

SHA256
4a1084b91e4ce81fdbcde0542626bf1fa5257f83b4df601b6fff62d6c2c2d312

SHA512
133a727e5c7f619ce336ef57f295530fbc9cd13bb6f7ae06840eb5ba10d284acb81b6bd6f62bad98e74f44b95e3275db5cefa3c06fa035597632959ee85df684

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16741.exe

Filesize
184KB

MD5
b9201f64ad020edff7707452719ee04a

SHA1
524e5b86507e6c34ed366409a82737475267cf5b

SHA256
0a59ffa808cd8a216c518eea7a72066e37ec84f078540e279d46b2c3ee853200

SHA512
166640728b6ff9d0be5e3fabeefc5b879ccfc0c52af7bab59d645af72464d3aef72f6c7cff63ebfba209780e5b1261068b4655b86fd28d1d5268ffca67f0fa66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17269.exe

Filesize
184KB

MD5
30e2bb5a5bd9f9dd00a7256f0a557892

SHA1
0fd455ddc4ba1a8a11332fca8b15e2ce020c10e1

SHA256
76350cdf1f87414114b7d5af3f754ee88836673a32e579eab13930b41c046f39

SHA512
0134ce7b1f6c3220aaa2ede593de959ee40040d1a4fb8a9c7a4df27f84cfd5360ef35a50aac04baf97fe237830b72a2996bf53ba147915b145e6d67f139334ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19077.exe

Filesize
184KB

MD5
4b391ffcb13c72710d2c9f7258f5d8fb

SHA1
218d7566ebfe8ffb396d31e49b203c1b9b93c63c

SHA256
a50362453c104237b94f78fdaf2d64b967ca2f1529cd1212269499142793406e

SHA512
2e7b6e85e6e00ddf4099e52fb2e07ab85b93eb273d51fcffd899ef4cf534cf991c687b29ab88b63d1136254132116e381dcc763c2a4319d4364d15309feb9a12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe

Filesize
184KB

MD5
d9691e50c81a7444c2c6765934ec428e

SHA1
b7b4abe8ce7d4d086a73481a68b6c57dc2ba13dd

SHA256
3d88650642b53a8688a45e6180987be24d8ed0e6b0d3cc8bd75c9cc3cd3adc60

SHA512
12bb621c63e34d604049841eecff5697b249a231f51f01b366c89711d2d7e1b05d8be701d39b71a2ffe39ff0f30cb43d179e8be9574a1453984c227ec0560f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20728.exe

Filesize
184KB

MD5
3210a965c7fb2650f0747637a298612c

SHA1
0f3adb7d0647749c32e1666cadcde6a9b79a06a6

SHA256
3f2723d98c08651c5df114e2038a1e1b2a04c23c8c9f9bbf077e50ed4f622755

SHA512
696826e3bb467e36a91e83a56deee44006540df7041ef55b79fc768a0ccc6310c6547d6a72f26b144707951aaa96fec79fb5132abd5f3baf934359d95f00de57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2282.exe

Filesize
184KB

MD5
4f0208465f12efce4181593a0a5c0ae2

SHA1
bc97a7adb7c32e14abdbd494424a773864ec74db

SHA256
28e6d588471fc9ffedc308a3387a3952141db455d943841206f52257264db5bb

SHA512
475f9d914baf2177064a1fb4038bdfd121f350605c22d8057a897d348838b983a83de2adb88c5cfb7684e038ccad1fc40a518883712dfec425cd91ac87d7fe7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23054.exe

Filesize
184KB

MD5
2944c12faf1d0f12bf604cabc3509c44

SHA1
a36fa28408769994b4bb8f0da5b46a1516b7e15a

SHA256
602387af8ec3d55c8a00a8f496eb72a6f6099c29e6546f087ba402269e4ae165

SHA512
f83ef6305122573e40de78dc7e2d62b6b6ada1e3c201c50c6610b1d278ee13f38a310e015901bbb2049327562975c1136a179971df28f7c9990edf3655a9b673

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23976.exe

Filesize
184KB

MD5
49803c7dd31cffd7ce8e856498b96a21

SHA1
c3b63f4c84cdf6dd8b2dcee4f2ba7b09eb9eb17c

SHA256
d65a64d9e4afbcc5c8ac4381f59956fa815c0ac0b97ce0a88369043b7f82c11d

SHA512
a07cbd3a5f2466f52d23922978beeeaec839775084a731494a80da2af88f6c715bfba38427efd7ac36eb53c9274bfb254ecf71b48b705510531b167eeb41f6b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24562.exe

Filesize
184KB

MD5
c803fca30b09de6f69eb20cb7b7f7246

SHA1
b97d9701e37ac1e756861db16eacf329cb2d6eaf

SHA256
68d209937b33bdfb0c2efe450d92bd360aedf1d7f8e2137717113ef192599b84

SHA512
04adef214680a51ddcd7dea75cbcd7afc66616a183593e24d9bd722a5f488260af8b4aa912a3343bf8f842989ee2ae6ea3a41ae52c814be278e1273eaa0bcae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27436.exe

Filesize
184KB

MD5
ce03eac6c7ec6320ec46553306898858

SHA1
68357eadab2c319910d256875e7a0788d8b5848f

SHA256
27d4cbb8d78076217678fedefb346360321d139dd087747add64c4365527389d

SHA512
ceb7739d4d9c6bdd4f75c67b50f9c252c795cdd1439092f1d25cd09f65724d9131cc921cb457e5f901286dbd754e4bb959b6ef5565a06284751a0f21f3ce9455

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28169.exe

Filesize
184KB

MD5
c14baea94c40fa15506b8ab030eb0c24

SHA1
3c564f258e01ffb04e955ff0739924cf50c8e7b2

SHA256
67f55280f38cc9c4f29bc75f22dd032e5bdf1a4246134fba89874199d757ad46

SHA512
d9a863103df5eb1dc8aa37d3277d3d4fae5ec88d5b04acf3366a3741176516ab2f26fd3000b4ac1d07add4a0e9def4ef3910fabfb648faf93cd794e78e0c1678

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe

Filesize
184KB

MD5
8b1dee2922dfed2053c2c0c122036bfd

SHA1
70f46d9579a8478cce6b8e3c8ee87c941f09542e

SHA256
0e5eff999f22b7e5f88ea7603848e189934dd14ce9d0918e4b17fd5d3b016475

SHA512
52e3477fa98527ffecca3e9720ef4a9804da2f82e47d957c3e3e0a608dad5547ccf5cff7cb66b7cb16cf4157b8761b75c4eb69bdacfaf6200b3ca314ba1bf69b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe

Filesize
184KB

MD5
bd6a52147b737030db2c7971702b4c38

SHA1
3c951deae2cd75c8c983fead30a333d42ac05e5f

SHA256
be1172310c5edc15d47ba155e24a299d4ab1750217bfb2c774a9a229d81e7ab9

SHA512
04bba016389b7dfdcfcf433dae8264ffa35d35d48acf9a023a05da2583af7812ae7029e31a5974df05dcb04ae0f5fa42d391e9bc3e424cf18ad9571d512acfee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33353.exe

Filesize
184KB

MD5
d376ddd518feab4abd79023156bbfc33

SHA1
1adae39aa9a800e33d0c835419e477d1bc4d5130

SHA256
1758718df5973d90b0aec2f45b5b51ebe69537a37db2adb8baa3b3b73110ac0a

SHA512
d7dcca63b2db7122687b61dec482770cd4977e65417dcf0c01127f2a25858bd97d383df4ec4b48b9cf8f5a4b16318cebad2f58ce5eb16654c0adc67e75e0b70f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe

Filesize
184KB

MD5
f0e85185bd0e25947220d785772291a6

SHA1
9e330f15e61f8629f515942a75d0ee3a860fe22d

SHA256
930fff79597b6dfc0edb2e217c303b24b0ac1ec3f356d4c7614ad31458384b49

SHA512
28b6f033886d1dee730ce6a38d2448ada2c4af8e157549189b1c901012e24b4cbdb485f5a89ceeb800d1fbbc8a1a1f4e023cf91eaef1ae82419239d4f158b58f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3534.exe

Filesize
184KB

MD5
7d89039975756b644080e3849c6ff650

SHA1
32128f725e2a26d2024c3df59bceac8097a57001

SHA256
f33ca566989f363ed4888f8f93d17b4167f0b125efe94434f5e3499de674cc5b

SHA512
35b8e00f68d68f3f5a1093fd4846ff48315367c230175525b6046975589162ae6b11c78741de4ff4d194cc3a7da3bcf2c4b3bc38876f7d96b386fb3034a5ae17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37710.exe

Filesize
184KB

MD5
d890620c978da1c93b0bdedc7c4c6a71

SHA1
2008ce0be5d20d5aee8c38fcb57f7ae127be44aa

SHA256
90f1f5f8f78ee75eadd4bb6933cad5bb2b9444bdf86b6676691bc5251e58e1da

SHA512
32439fef66d8013009ad7184a54f9b6dfa1d0ac77afb6d0392efec04659a276f6001a0a9e8c8305dc927ddd7cc3fef521433aa91bfe4a0d1d1783c89437f9879

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3896.exe

Filesize
184KB

MD5
c0b12113daefc704ee349fd2b4c4b458

SHA1
1b667120fab63ee00c84b90f56cd70b94af723ac

SHA256
aab0462cc74b318e711dbbd7a52257be858aa5604c3432c838bea3abb7516e47

SHA512
e9fb797530b179ac613207c3b96f1f3b1ab9170f95b4d4d1d0d18a746c96422b7c2252cd2b1dc9dad66fd72c92909bd7ac925055d96cf4a8881c4c98586e4513

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39945.exe

Filesize
184KB

MD5
431851aac680439b810af8073ebce632

SHA1
f0674aec4a31dbddd049faf050745bd5ab7ded83

SHA256
9a814b5d600b94d89011b9125e5fbcdb1213ba6bbe5e5d813b0d92c00dc3bdfc

SHA512
78396b8ed5d6dd3a11379a877579e30be3d5978fed4df425cd56b0f4cde9b1c6a09c72bcbc0c46b1130a367a9e8963fade10e3d4af4a741efb9625786c545b29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42856.exe

Filesize
184KB

MD5
50daaa1de6f7df8d11f66d45196d0671

SHA1
f10dd582fdf397f8e2f7e2c621e5b3aa8819d694

SHA256
c19e7697489a5df21c14e8930b1fbedbe522b4aa5863529e90ae7968eb168b9f

SHA512
918df8eeb0e97248a9670048ddfd844522a154b3a4112023b0288aa64c7dad854a8c36c3d2f5e83029bc6c8dd21a10521a3200adb391d484c9d7cedd15d95731

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42920.exe

Filesize
184KB

MD5
534c10800e56d223b38c423c66a0a13e

SHA1
1c7334f243fb8ce12187297eea93996c4b946213

SHA256
f192b17c7dec017b4afaa31ad8b1ee2d8b4f01bb494e6b16a44692b15e9d936e

SHA512
a9d6a44368e73b50b380f90d79dcbe8dc5f838b5dbac02e8e25337288af94501e9985a3a4bb91512d725bf0034f5f6b73c0af5b6156cf86eeaf37385026b78c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe

Filesize
184KB

MD5
c65a7af58bcc3b960673fdb8b1e6a682

SHA1
a5d58bc1126fce948baa2ce9f58887c4884c435b

SHA256
ffa8be1e3883a6ccc2633093bec745066edc9a417069da765d6459bf05c27474

SHA512
c66fa1bd054d07a6bb688840ce3d873c06a2cb3ae0df10c744ad5bea11a4c47d3e23d4ee6a1c56097b62526f01f668c1d5aed673cd12e26fe05ef08327a36d3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48649.exe

Filesize
184KB

MD5
c4398979193ae83bc7013de5c4b06e4e

SHA1
22c68df3060c591a0d15a707818d5a4aa446d3fb

SHA256
1b63bcbd818e2da0a5f3bfbedc3e3aec0b9f8d661c769ef659043cfbbabdbdd2

SHA512
5ab3c644561e9cb63d281977eec254a3bf8b7269f747de5b65c62cf7d1f082197a23502bfce21f328b54d5561a3fd51612fcedc3875175472648bcc46a2be3fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe

Filesize
184KB

MD5
9ad296a47baa3210527cccb446fbeec1

SHA1
ecd8b2cfdea10324b51babf0aaac8ca05e625e8e

SHA256
9ecd0d38a1e2b6b81e9572d829589c34e7e94b6bfb5321f020ad679fffdefdda

SHA512
fa8dcbfe052a691c7cdc90f405e99eab6f7c204b1967d7746c0175de8f477bb4605fb6fd9317fa663755d8f96e7432218c64f885f8c12099afee3b3dfc1912e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe

Filesize
184KB

MD5
04ffa8be76339661f26f245d9422a708

SHA1
f4029682449e5bc7c4bf37eca1d373a17e778cfe

SHA256
736fd6880b1e0dc33f70ad5ad0a76ab17f40161f72e9a3578156bd56204e0a59

SHA512
71d25f5633db72face579d2b32e1f43b528fa955d0aeecf1f9a50315273088426ab9ed9a7ddfa9176e5c704dafbc71620fc427af6c8571c345f4cf873d8af5cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe

Filesize
184KB

MD5
e677512deec4d3e9158a9c60d0386800

SHA1
38c74210b6bf64f1550d2407fb1f824a8d403fc7

SHA256
4b3d5492a866a7de5059fd72e4235511907cec6fc125b3473e842566d5f7e334

SHA512
a2cefadb26f929154c3f65dd716a291e4cae4cc0335909443815f79e517ff7e8a6038c768da32341d663f54a7512defd39026249b2bfc6f9513bbc865a5b7571

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63055.exe

Filesize
184KB

MD5
9bfa4d831d10087d8ccf783e27d04e6e

SHA1
50b1fe4bf6a1b2e403204819dc5c3bbb04e6f975

SHA256
6fa84a8a5d43fb2adfd404a46720841d393d1e2abfc63b2023b7fe5a934d8147

SHA512
8c2331410220b0b6d44850973296d3d5ec35ed70215e8da48dff395676ae8e34a7e76c35495b14943ef3a9b3b38610de065399ff0ac7845b303afc9820aaeb48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe

Filesize
184KB

MD5
ebd21f35c002dc5212f56b0329d9f212

SHA1
aa92fc41c7a770f958cd669c6d7225be45260eb9

SHA256
d7364a4336933b19f93d281b2bc97b2e413059a6f8d752d594acb8fd9a93e847

SHA512
b59fbbeb1520824bfc6674ba30390bc2c3e75e230bcb48b3fe6b6d88e53abf112559bb278a5c076a8b7d0672aee8ce3831bf52c0b019f7fdc717a1f1decc1db8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe

Filesize
184KB

MD5
4a6356613b447a47c5e8579916049795

SHA1
0c232af0d767f2a46b275702746b0c06fd2b020d

SHA256
b344ff49b1cf4960f29735822d53cd7f49492d91d1b4ac169056e6a216ea3b1c

SHA512
350ba4e9e94b57b03f98f9f1928a7f6165b7868fb140609033a4ec511ac724c998ff06b509b6a6ae381172729e0d877df2e88ea8a28e9c74ea4c018a7f010b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9391.exe

Filesize
184KB

MD5
c49a72d9e0128a322ceb84d33ed69fa7

SHA1
d8e3a9ba8f5a9fe6d8498c8940ba4b9ceae58848

SHA256
35fe3f687c606ed7194f2d0bcded012abeda48c60575504f4985724523197c9b

SHA512
f652232103eb0be2dce494175143ec8117cc9e889109feb279d7d315480103d299873058266c9060fc9746af74fd58d8863631283243ee793da9967a51e24194

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9528.exe

Filesize
184KB

MD5
17ede02978de19b7b2bd06582b24826d

SHA1
2138e91b4a3f41c97d4854c84938df681a4f7882

SHA256
d0c36541105afd83d39843fc65e441fee8cb41a9d30c05c5ed49739cb1be6a57

SHA512
a6250ffe7f809ea869e049bd49eee6ace95708d9ef6ad6ca0287bb3ec3b9d2d2e2e02756f248cdd49ffd84545f8151aaedc43085b2f64b4895edd9414c947fd0

Download Submit
memory/4780-1180-0x0000000002E90000-0x0000000002F6B000-memory.dmp

Filesize
876KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads