d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2024, 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08.exe
Size

184KB
MD5

6ab9e31e584ee59892cf06563918271f
SHA1

750ad35d8adf91548015457a2e60faf0d306c19f
SHA256

d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08
SHA512

55d1ceb411f9e2ee74d544d2f42c8bd10bce2f415ab57b366adb3ea63ae5ca997a333782e12b08834d811581fbaf6ea5183883b08406548d246b08c5c765d515
SSDEEP

3072:8Vi6LCoH6HVcd6npZ/98o5Mj7vnqnyiu+:8VqosI6nh8IMj7Pqnyiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4692	Unicorn-38782.exe
5040	Unicorn-6317.exe
2536	Unicorn-3172.exe
4824	Unicorn-19582.exe
3896	Unicorn-48725.exe
3908	Unicorn-51678.exe
3312	Unicorn-61884.exe
4116	Unicorn-39006.exe
4992	Unicorn-55534.exe
2060	Unicorn-35668.exe
868	Unicorn-11.exe
2272	Unicorn-38238.exe
2844	Unicorn-18372.exe
3696	Unicorn-21025.exe
3900	Unicorn-54501.exe
228	Unicorn-6829.exe
4256	Unicorn-18951.exe
5080	Unicorn-55262.exe
4404	Unicorn-35396.exe
1464	Unicorn-41806.exe
4864	Unicorn-2811.exe
3416	Unicorn-57566.exe
4376	Unicorn-40088.exe
2184	Unicorn-43150.exe
2796	Unicorn-55957.exe
3084	Unicorn-43342.exe
4268	Unicorn-26430.exe
4508	Unicorn-17499.exe
560	Unicorn-42766.exe
4388	Unicorn-20491.exe
1980	Unicorn-39236.exe
3264	Unicorn-20094.exe
4148	Unicorn-15495.exe
3800	Unicorn-52190.exe
3340	Unicorn-62396.exe
3540	Unicorn-28846.exe
4844	Unicorn-22398.exe
3956	Unicorn-51541.exe
1240	Unicorn-21246.exe
4012	Unicorn-21246.exe
1628	Unicorn-50389.exe
4716	Unicorn-43861.exe
1512	Unicorn-11069.exe
3808	Unicorn-11261.exe
2756	Unicorn-17598.exe
4628	Unicorn-7156.exe
4512	Unicorn-12989.exe
4596	Unicorn-61614.exe
3040	Unicorn-8692.exe
2088	Unicorn-55484.exe
1312	Unicorn-5396.exe
4940	Unicorn-12029.exe
876	Unicorn-46814.exe
208	Unicorn-14141.exe
2940	Unicorn-10804.exe
2704	Unicorn-29601.exe
5132	Unicorn-10228.exe
5156	Unicorn-62766.exe
5164	Unicorn-62766.exe
2576	Unicorn-30405.exe
5200	Unicorn-7243.exe
5208	Unicorn-59045.exe
5376	Unicorn-20686.exe
5404	Unicorn-52709.exe

Program crash 14 IoCs

pid	pid_target	Process	procid_target
2392	6116	WerFault.exe	187
12020	6612	WerFault.exe	265
13156	8084	WerFault.exe	318
16352	10744	WerFault.exe	503
5328	12404	WerFault.exe	643
5316	13900	WerFault.exe	651
18816	11764	WerFault.exe	592
5276	17048	WerFault.exe	821
5188	17372	WerFault.exe	830
18204	15104	WerFault.exe	741
14124	10244	Process not Found	460
11708	6916	Process not Found	381
1692	10796	Process not Found	469
7524	19024	Process not Found	1269

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1316	d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08.exe
4692	Unicorn-38782.exe
5040	Unicorn-6317.exe
2536	Unicorn-3172.exe
4824	Unicorn-19582.exe
3896	Unicorn-48725.exe
3908	Unicorn-51678.exe
3312	Unicorn-61884.exe
4116	Unicorn-39006.exe
4992	Unicorn-55534.exe
2060	Unicorn-35668.exe
868	Unicorn-11.exe
3900	Unicorn-54501.exe
2272	Unicorn-38238.exe
3696	Unicorn-21025.exe
2844	Unicorn-18372.exe
228	Unicorn-6829.exe
4256	Unicorn-18951.exe
5080	Unicorn-55262.exe
1464	Unicorn-41806.exe
4864	Unicorn-2811.exe
4376	Unicorn-40088.exe
3416	Unicorn-57566.exe
2796	Unicorn-55957.exe
2184	Unicorn-43150.exe
4508	Unicorn-17499.exe
560	Unicorn-42766.exe
4388	Unicorn-20491.exe
1980	Unicorn-39236.exe
3084	Unicorn-43342.exe
4268	Unicorn-26430.exe
3264	Unicorn-20094.exe
4148	Unicorn-15495.exe
3340	Unicorn-62396.exe
3800	Unicorn-52190.exe
3540	Unicorn-28846.exe
4844	Unicorn-22398.exe
3956	Unicorn-51541.exe
4012	Unicorn-21246.exe
1240	Unicorn-21246.exe
1512	Unicorn-11069.exe
1628	Unicorn-50389.exe
4716	Unicorn-43861.exe
3808	Unicorn-11261.exe
2756	Unicorn-17598.exe
4628	Unicorn-7156.exe
4512	Unicorn-12989.exe
4596	Unicorn-61614.exe
2088	Unicorn-55484.exe
3040	Unicorn-8692.exe
4940	Unicorn-12029.exe
1312	Unicorn-5396.exe
5164	Unicorn-62766.exe
876	Unicorn-46814.exe
5156	Unicorn-62766.exe
5132	Unicorn-10228.exe
2576	Unicorn-30405.exe
2704	Unicorn-29601.exe
2940	Unicorn-10804.exe
5200	Unicorn-7243.exe
208	Unicorn-14141.exe
5208	Unicorn-59045.exe
5376	Unicorn-20686.exe
5404	Unicorn-52709.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 4692	1316	d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08.exe	95
PID 1316 wrote to memory of 4692	1316	d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08.exe	95
PID 1316 wrote to memory of 4692	1316	d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08.exe	95
PID 4692 wrote to memory of 5040	4692	Unicorn-38782.exe	98
PID 4692 wrote to memory of 5040	4692	Unicorn-38782.exe	98
PID 4692 wrote to memory of 5040	4692	Unicorn-38782.exe	98
PID 1316 wrote to memory of 2536	1316	d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08.exe	99
PID 1316 wrote to memory of 2536	1316	d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08.exe	99
PID 1316 wrote to memory of 2536	1316	d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08.exe	99
PID 5040 wrote to memory of 4824	5040	Unicorn-6317.exe	102
PID 5040 wrote to memory of 4824	5040	Unicorn-6317.exe	102
PID 5040 wrote to memory of 4824	5040	Unicorn-6317.exe	102
PID 4692 wrote to memory of 3896	4692	Unicorn-38782.exe	103
PID 4692 wrote to memory of 3896	4692	Unicorn-38782.exe	103
PID 4692 wrote to memory of 3896	4692	Unicorn-38782.exe	103
PID 2536 wrote to memory of 3908	2536	Unicorn-3172.exe	105
PID 2536 wrote to memory of 3908	2536	Unicorn-3172.exe	105
PID 2536 wrote to memory of 3908	2536	Unicorn-3172.exe	105
PID 1316 wrote to memory of 3312	1316	d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08.exe	106
PID 1316 wrote to memory of 3312	1316	d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08.exe	106
PID 1316 wrote to memory of 3312	1316	d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08.exe	106
PID 4824 wrote to memory of 4116	4824	Unicorn-19582.exe	107
PID 4824 wrote to memory of 4116	4824	Unicorn-19582.exe	107
PID 4824 wrote to memory of 4116	4824	Unicorn-19582.exe	107
PID 3896 wrote to memory of 4992	3896	Unicorn-48725.exe	109
PID 3896 wrote to memory of 4992	3896	Unicorn-48725.exe	109
PID 3896 wrote to memory of 4992	3896	Unicorn-48725.exe	109
PID 5040 wrote to memory of 2060	5040	Unicorn-6317.exe	110
PID 5040 wrote to memory of 2060	5040	Unicorn-6317.exe	110
PID 5040 wrote to memory of 2060	5040	Unicorn-6317.exe	110
PID 4692 wrote to memory of 868	4692	Unicorn-38782.exe	111
PID 4692 wrote to memory of 868	4692	Unicorn-38782.exe	111
PID 4692 wrote to memory of 868	4692	Unicorn-38782.exe	111
PID 3908 wrote to memory of 2272	3908	Unicorn-51678.exe	112
PID 3908 wrote to memory of 2272	3908	Unicorn-51678.exe	112
PID 3908 wrote to memory of 2272	3908	Unicorn-51678.exe	112
PID 2536 wrote to memory of 2844	2536	Unicorn-3172.exe	113
PID 2536 wrote to memory of 2844	2536	Unicorn-3172.exe	113
PID 2536 wrote to memory of 2844	2536	Unicorn-3172.exe	113
PID 3312 wrote to memory of 3696	3312	Unicorn-61884.exe	114
PID 3312 wrote to memory of 3696	3312	Unicorn-61884.exe	114
PID 3312 wrote to memory of 3696	3312	Unicorn-61884.exe	114
PID 1316 wrote to memory of 3900	1316	d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08.exe	115
PID 1316 wrote to memory of 3900	1316	d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08.exe	115
PID 1316 wrote to memory of 3900	1316	d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08.exe	115
PID 4116 wrote to memory of 228	4116	Unicorn-39006.exe	116
PID 4116 wrote to memory of 228	4116	Unicorn-39006.exe	116
PID 4116 wrote to memory of 228	4116	Unicorn-39006.exe	116
PID 4824 wrote to memory of 4256	4824	Unicorn-19582.exe	117
PID 4824 wrote to memory of 4256	4824	Unicorn-19582.exe	117
PID 4824 wrote to memory of 4256	4824	Unicorn-19582.exe	117
PID 4992 wrote to memory of 5080	4992	Unicorn-55534.exe	119
PID 4992 wrote to memory of 5080	4992	Unicorn-55534.exe	119
PID 4992 wrote to memory of 5080	4992	Unicorn-55534.exe	119
PID 3896 wrote to memory of 4404	3896	Unicorn-48725.exe	118
PID 3896 wrote to memory of 4404	3896	Unicorn-48725.exe	118
PID 3896 wrote to memory of 4404	3896	Unicorn-48725.exe	118
PID 2060 wrote to memory of 1464	2060	Unicorn-35668.exe	120
PID 2060 wrote to memory of 1464	2060	Unicorn-35668.exe	120
PID 2060 wrote to memory of 1464	2060	Unicorn-35668.exe	120
PID 5040 wrote to memory of 4864	5040	Unicorn-6317.exe	121
PID 5040 wrote to memory of 4864	5040	Unicorn-6317.exe	121
PID 5040 wrote to memory of 4864	5040	Unicorn-6317.exe	121
PID 868 wrote to memory of 3416	868	Unicorn-11.exe	122

C:\Users\Admin\AppData\Local\Temp\d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08.exe
"C:\Users\Admin\AppData\Local\Temp\d15b332b6d32cdb3575f8a17bae737d5551987e61d37c26e7f2701f50dc06c08.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38782.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38782.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6829.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20094.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        9⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
        10⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33134.exe
        11⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
        12⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45944.exe
        12⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
        12⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55400.exe
        11⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
        11⤵
        
        PID:17416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
        10⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        10⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        9⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
        10⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        10⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47199.exe
        9⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        9⤵
        
        PID:14688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
        8⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        9⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
        10⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4407.exe
        10⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2686.exe
        10⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59048.exe
        9⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        9⤵
        
        PID:17972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
        9⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        8⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        9⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        8⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-743.exe
        8⤵
        
        PID:15500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52709.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24542.exe
        8⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        9⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
        10⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26721.exe
        10⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
        9⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
        9⤵
        
        PID:18400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        8⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
        8⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
        8⤵
        
        PID:16620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32443.exe
        7⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        8⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62529.exe
        9⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
        9⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        8⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        8⤵
        
        PID:17956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7602.exe
        8⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46709.exe
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10448.exe
        8⤵
        
        PID:16992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        7⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
        7⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        7⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22305.exe
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8397.exe
        8⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        9⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10032.exe
        10⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        10⤵
        
        PID:18580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34890.exe
        10⤵
        
        PID:18244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        9⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38828.exe
        9⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        8⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
        9⤵
        
        PID:19128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60671.exe
        8⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
        8⤵
        
        PID:16436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34084.exe
        7⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        8⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60293.exe
        8⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        8⤵
        
        PID:14828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18759.exe
        8⤵
        
        PID:18216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
        8⤵
        
        PID:18324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61596.exe
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57921.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        7⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11319.exe
        7⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-331.exe
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8397.exe
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        8⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
        9⤵
        
        PID:16396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61352.exe
        8⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        8⤵
        
        PID:16552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41204.exe
        8⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        7⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24158.exe
        7⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
        7⤵
        
        PID:17852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        7⤵
        
        PID:17496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        6⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
        7⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        8⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
        8⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        7⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        7⤵
        
        PID:16572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        7⤵
        
        PID:18348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38043.exe
        6⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
        7⤵
        
        PID:16404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9319.exe
        7⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        6⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11764 -s 460
        7⤵
        Program crash
        
        PID:18816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64321.exe
        6⤵
        
        PID:15104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15104 -s 464
        7⤵
        Program crash
        
        PID:18204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15478.exe
        6⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5885.exe
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12621.exe
        8⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        9⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
        10⤵
        
        PID:18648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        10⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13748.exe
        10⤵
        
        PID:19044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        9⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47951.exe
        9⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45832.exe
        9⤵
        
        PID:19448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        9⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe
        8⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48257.exe
        9⤵
        
        PID:18000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
        8⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
        8⤵
        
        PID:16464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35438.exe
        8⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        8⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57144.exe
        8⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        8⤵
        
        PID:17476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60040.exe
        8⤵
        
        PID:18620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
        8⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40844.exe
        7⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
        8⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        7⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
        7⤵
        
        PID:19296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        7⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4659.exe
        7⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26462.exe
        7⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        8⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
        8⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        8⤵
        
        PID:17988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
        8⤵
        
        PID:18656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        7⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
        8⤵
        
        PID:18004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60287.exe
        7⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
        7⤵
        
        PID:16492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        7⤵
        
        PID:18960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
        7⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        7⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
        7⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        7⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51375.exe
        7⤵
        
        PID:19280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4436.exe
        6⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
        7⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        6⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23844.exe
        6⤵
        
        PID:17708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40561.exe
        6⤵
        
        PID:19116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14338.exe
        6⤵
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10016.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        8⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1344.exe
        9⤵
        
        PID:18076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        9⤵
        
        PID:18600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48104.exe
        8⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47951.exe
        8⤵
        
        PID:17072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        8⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
        7⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9799.exe
        7⤵
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1035.exe
        6⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54481.exe
        7⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        7⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37370.exe
        7⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        6⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        6⤵
        
        PID:17424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        6⤵
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9632.exe
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
        8⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18759.exe
        8⤵
        
        PID:18352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        8⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42519.exe
        7⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        7⤵
        
        PID:16528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        7⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        6⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
        7⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        7⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
        6⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
        6⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        5⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        6⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
        7⤵
        
        PID:18616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        6⤵
        
        PID:11904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
        6⤵
        
        PID:17688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
        6⤵
        
        PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
        5⤵
        
        PID:9076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
        5⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19379.exe
        5⤵
        
        PID:17700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41806.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21246.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58350.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13389.exe
        8⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        9⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        10⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53176.exe
        10⤵
        
        PID:19308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45208.exe
        9⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61407.exe
        9⤵
        
        PID:17060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        8⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10032.exe
        9⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
        9⤵
        
        PID:18712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61218.exe
        9⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3406.exe
        8⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9031.exe
        8⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61748.exe
        8⤵
        
        PID:16996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        8⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        8⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
        8⤵
        
        PID:18788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
        7⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20065.exe
        8⤵
        
        PID:16432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47823.exe
        7⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
        7⤵
        
        PID:18160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        7⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
        8⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        8⤵
        
        PID:14380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        8⤵
        
        PID:18596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
        8⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        7⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54367.exe
        7⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        6⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
        7⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        7⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
        7⤵
        
        PID:18684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11559.exe
        6⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47823.exe
        6⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        6⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
        6⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1485.exe
        7⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        8⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        8⤵
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25204.exe
        7⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48149.exe
        7⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64175.exe
        6⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
        7⤵
        
        PID:12880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54456.exe
        7⤵
        
        PID:17796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        7⤵
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        6⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        6⤵
        
        PID:16660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
        6⤵
        
        PID:18768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        6⤵
        
        PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
        5⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        6⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 716
        7⤵
        Program crash
        
        PID:12020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        6⤵
        
        PID:15752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3636.exe
        5⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
        6⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48792.exe
        6⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
        6⤵
        
        PID:18312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54337.exe
        5⤵
        
        PID:17468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        5⤵
        
        PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21246.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
        7⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        8⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57144.exe
        8⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23829.exe
        8⤵
        
        PID:18580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41540.exe
        7⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
        8⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
        7⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
        7⤵
        
        PID:17736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
        6⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57487.exe
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
        6⤵
        
        PID:16564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5236.exe
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36801.exe
        7⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
        7⤵
        
        PID:15188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10212.exe
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21390.exe
        6⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        6⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9390.exe
        5⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
        6⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
        6⤵
        
        PID:15160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        5⤵
        
        PID:9976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
        5⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64317.exe
        5⤵
        
        PID:7636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58158.exe
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        6⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        7⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22276.exe
        8⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
        8⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
        7⤵
        
        PID:12628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29611.exe
        7⤵
        
        PID:16856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16555.exe
        6⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31745.exe
        7⤵
        
        PID:17728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exe
        7⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27256.exe
        6⤵
        
        PID:13788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
        6⤵
        
        PID:18820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        6⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        6⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        6⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6599.exe
        6⤵
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        5⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        5⤵
        
        PID:18656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54910.exe
        5⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        6⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        7⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        6⤵
        
        PID:13848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
        6⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25956.exe
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11678.exe
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
        5⤵
        
        PID:17380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46276.exe
      4⤵
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
        5⤵
        
        PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        5⤵
        
        PID:13524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        5⤵
        
        PID:18960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7393.exe
        5⤵
        
        PID:8272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22445.exe
      4⤵
      PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
      4⤵
      PID:14420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
      4⤵
      PID:18208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48725.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22398.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23950.exe
        7⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61246.exe
        8⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        9⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        10⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        9⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        9⤵
        
        PID:16504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        8⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10032.exe
        9⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
        9⤵
        
        PID:18152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        8⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        8⤵
        
        PID:17160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59256.exe
        8⤵
        
        PID:19352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
        8⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
        7⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        8⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        8⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        7⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10711.exe
        7⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39060.exe
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12320.exe
        7⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45822.exe
        8⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41175.exe
        8⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64479.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        8⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
        7⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        7⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        7⤵
        
        PID:17172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65500.exe
        6⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        7⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        7⤵
        
        PID:16644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29029.exe
        6⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        7⤵
        
        PID:18332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
        6⤵
        
        PID:13940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        6⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51541.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        7⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        8⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
        9⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19898.exe
        9⤵
        
        PID:18896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61352.exe
        8⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3166.exe
        8⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5780.exe
        7⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        7⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        7⤵
        
        PID:16616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
        6⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
        8⤵
        
        PID:18040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
        8⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46760.exe
        7⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45647.exe
        7⤵
        
        PID:17220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        6⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54686.exe
        7⤵
        
        PID:18560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56984.exe
        7⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62082.exe
        7⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        6⤵
        
        PID:17452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
        6⤵
        
        PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13389.exe
        6⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        7⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48152.exe
        8⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        7⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        7⤵
        
        PID:16636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        6⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7188.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe
        6⤵
        
        PID:18388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29477.exe
        5⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        6⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        6⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63899.exe
        6⤵
        
        PID:19140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44972.exe
        5⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32231.exe
        5⤵
        
        PID:13528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
        5⤵
        
        PID:18316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49474.exe
        5⤵
        
        PID:10224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
      4⤵
      Executes dropped EXE
      PID:4404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13088.exe
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
        8⤵
        
        PID:16716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        8⤵
        
        PID:18248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        7⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54303.exe
        7⤵
        
        PID:17432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57954.exe
        7⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5780.exe
        6⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        7⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59052.exe
        6⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50475.exe
        7⤵
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
        6⤵
        
        PID:15476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
        6⤵
        
        PID:19140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
        5⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        6⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        6⤵
        
        PID:12860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-478.exe
        6⤵
        
        PID:17184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        6⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47772.exe
        5⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        5⤵
        
        PID:12404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12404 -s 436
        6⤵
        Program crash
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        5⤵
        
        PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
      4⤵
      PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
        5⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        6⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32644.exe
        7⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
        7⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37928.exe
        7⤵
        
        PID:17464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59048.exe
        6⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        6⤵
        
        PID:16536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36986.exe
        6⤵
        
        PID:10368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        5⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
        6⤵
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        5⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
        5⤵
        
        PID:16596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47900.exe
      4⤵
      PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        5⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        6⤵
        
        PID:17200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8186.exe
        6⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
        5⤵
        
        PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1054.exe
        5⤵
        
        PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
      4⤵
      PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31745.exe
        5⤵
        
        PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50913.exe
      4⤵
      PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42790.exe
      4⤵
      PID:15116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11261.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        7⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36222.exe
        8⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        8⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24235.exe
        8⤵
        
        PID:17592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
        7⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exe
        8⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
        7⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11831.exe
        7⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        6⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        6⤵
        
        PID:11868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        6⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7643.exe
        5⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        6⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        7⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44312.exe
        7⤵
        
        PID:18724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        6⤵
        
        PID:16628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25381.exe
        5⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2612.exe
        6⤵
        
        PID:12360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
        5⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
        5⤵
        
        PID:16456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe
        5⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        6⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        6⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        6⤵
        
        PID:16668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
        6⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62254.exe
        6⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61980.exe
        5⤵
        
        PID:8504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
        6⤵
        
        PID:19380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-999.exe
        5⤵
        
        PID:12420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        5⤵
        
        PID:16520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57897.exe
        5⤵
        
        PID:8700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        5⤵
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        6⤵
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        6⤵
        
        PID:11732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        6⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54367.exe
        5⤵
        
        PID:13832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
      4⤵
      PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
        5⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16497.exe
        6⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24049.exe
        6⤵
        
        PID:18376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        5⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        5⤵
        
        PID:18940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        5⤵
        
        PID:19264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2894.exe
      4⤵
      PID:10076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10711.exe
      4⤵
      PID:14836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10048.exe
      4⤵
      PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
      4⤵
      PID:3528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11069.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49662.exe
        6⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        6⤵
        
        PID:17808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61788.exe
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36126.exe
        6⤵
        
        PID:17032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        5⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        5⤵
        
        PID:16484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34279.exe
        5⤵
        
        PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23694.exe
        5⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36222.exe
        6⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31876.exe
        6⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
        6⤵
        
        PID:18092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62101.exe
        6⤵
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43845.exe
        5⤵
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1323.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        5⤵
        
        PID:18376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47332.exe
        5⤵
        
        PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe
      4⤵
      PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
        5⤵
        
        PID:12888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        5⤵
        
        PID:17372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17372 -s 464
        6⤵
        Program crash
        
        PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5691.exe
      4⤵
      PID:11156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31303.exe
      4⤵
      PID:15396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
      4⤵
      PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        5⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        6⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        6⤵
        
        PID:13800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        6⤵
        
        PID:17804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27752.exe
        6⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9531.exe
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe
        5⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        5⤵
        
        PID:18372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
        5⤵
        
        PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51877.exe
      4⤵
      PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        5⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
        5⤵
        
        PID:13732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        5⤵
        
        PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24715.exe
      4⤵
      PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
      4⤵
      PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
      4⤵
      PID:17748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
      4⤵
      PID:3316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
    3⤵
    PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        5⤵
        
        PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55912.exe
        5⤵
        
        PID:15120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        5⤵
        
        PID:18632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        5⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        5⤵
        
        PID:12136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57496.exe
      4⤵
      PID:9964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
      4⤵
      PID:13684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54126.exe
    3⤵
    PID:7836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
      4⤵
      PID:9048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
      4⤵
      PID:14672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61887.exe
      4⤵
      PID:13900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63191.exe
    3⤵
    PID:9852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4975.exe
    3⤵
    PID:13140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3172.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3172.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43150.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
        8⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56593.exe
        9⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        9⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        9⤵
        
        PID:18664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        8⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39484.exe
        8⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65032.exe
        7⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        8⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        8⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36609.exe
        8⤵
        
        PID:15804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
        7⤵
        
        PID:14716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        7⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        6⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        8⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31687.exe
        8⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63022.exe
        8⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        7⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10744 -s 492
        8⤵
        Program crash
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        7⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
        7⤵
        
        PID:19348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        6⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        7⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
        7⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38047.exe
        7⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27320.exe
        6⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
        6⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27783.exe
        6⤵
        
        PID:18976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
        6⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5282.exe
        6⤵
        
        PID:18248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        6⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-756.exe
        7⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
        8⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
        8⤵
        
        PID:19180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
        7⤵
        
        PID:12080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        7⤵
        
        PID:17524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        6⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
        7⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        7⤵
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18519.exe
        7⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
        6⤵
        
        PID:11044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34952.exe
        6⤵
        
        PID:14964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
        6⤵
        
        PID:19144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44924.exe
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1597.exe
        6⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
        7⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        7⤵
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        7⤵
        
        PID:19092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        7⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-132.exe
        6⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
        6⤵
        
        PID:15452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63989.exe
        5⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1264.exe
        6⤵
        
        PID:12368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        6⤵
        
        PID:18692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5691.exe
        5⤵
        
        PID:11180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        5⤵
        
        PID:15212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
        7⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        8⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31745.exe
        9⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
        9⤵
        
        PID:18636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37447.exe
        8⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41540.exe
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51567.exe
        7⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15575.exe
        7⤵
        
        PID:18416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65333.exe
        6⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
        7⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        7⤵
        
        PID:14396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        7⤵
        
        PID:19352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        6⤵
        
        PID:10796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57448.exe
        6⤵
        
        PID:16372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62517.exe
        5⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
        6⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        7⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37447.exe
        7⤵
        
        PID:14472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48696.exe
        7⤵
        
        PID:19204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        6⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45585.exe
        7⤵
        
        PID:18168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        6⤵
        
        PID:14656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46799.exe
        6⤵
        
        PID:18124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        6⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
        5⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
        5⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        5⤵
        
        PID:17848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-509.exe
        5⤵
        
        PID:6116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 720
        6⤵
        Program crash
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
        5⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56593.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        6⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48351.exe
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        5⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46140.exe
        5⤵
        
        PID:18608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41177.exe
        5⤵
        
        PID:18272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
      4⤵
      PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30814.exe
        5⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
        6⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
        6⤵
        
        PID:14184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40303.exe
        5⤵
        
        PID:12280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        5⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14011.exe
        5⤵
        
        PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33227.exe
      4⤵
      PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2496.exe
        5⤵
        
        PID:18764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8663.exe
      4⤵
      PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53937.exe
      4⤵
      PID:16676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18372.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42766.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35294.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
        7⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32401.exe
        8⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        8⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34910.exe
        7⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        7⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        6⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        7⤵
        
        PID:14892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
        6⤵
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        6⤵
        
        PID:14780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59048.exe
        6⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
        6⤵
        
        PID:17944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
        5⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24257.exe
        6⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50664.exe
        6⤵
        
        PID:18100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63381.exe
        5⤵
        
        PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        5⤵
        
        PID:16604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22153.exe
        5⤵
        
        PID:10548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10804.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35620.exe
        5⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
        6⤵
        
        PID:10584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
        6⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        5⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23022.exe
        5⤵
        
        PID:14636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25479.exe
        5⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        5⤵
        
        PID:11328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
      4⤵
      PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
        5⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
        5⤵
        
        PID:11448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
        5⤵
        
        PID:15736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
      4⤵
      PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        5⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2791.exe
        5⤵
        
        PID:16996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exe
      4⤵
      PID:10764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
      4⤵
      PID:16652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20491.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
        6⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        7⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
        7⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59048.exe
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1054.exe
        6⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62423.exe
        6⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
        5⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27985.exe
        6⤵
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        6⤵
        
        PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59711.exe
        5⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30101.exe
        5⤵
        
        PID:17604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
      4⤵
      PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
        5⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
        6⤵
        
        PID:18636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10039.exe
        5⤵
        
        PID:7708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        5⤵
        
        PID:16700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11540.exe
        5⤵
        
        PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
      4⤵
      PID:8716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
      4⤵
      PID:13372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26311.exe
      4⤵
      PID:17208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15693.exe
      4⤵
      PID:18788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
      4⤵
      PID:10184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18465.exe
      4⤵
      PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
        5⤵
        
        PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exe
        5⤵
        
        PID:9644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
        5⤵
        
        PID:16588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31035.exe
      4⤵
      PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65265.exe
        5⤵
        
        PID:9656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
        5⤵
        
        PID:17048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17048 -s 464
        6⤵
        Program crash
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        5⤵
        
        PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
      4⤵
      PID:11928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
      4⤵
      PID:16580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7602.exe
      4⤵
      PID:7912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16379.exe
    3⤵
    PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37358.exe
      4⤵
      PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        5⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56696.exe
        5⤵
        
        PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60293.exe
      4⤵
      PID:11284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
      4⤵
      PID:14748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
      4⤵
      PID:9488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
    3⤵
    PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65281.exe
      4⤵
      PID:12380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58936.exe
      4⤵
      PID:18772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
      4⤵
      PID:12724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58401.exe
    3⤵
    PID:12448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
    3⤵
    PID:16684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        7⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        8⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4407.exe
        8⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4129.exe
        8⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        7⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25822.exe
        7⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
        6⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        7⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        7⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
        6⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1307.exe
        5⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        6⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42353.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
        7⤵
        
        PID:7340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        6⤵
        
        PID:11956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        6⤵
        
        PID:17980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33092.exe
        6⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
        6⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12500.exe
        5⤵
        
        PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9070.exe
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45143.exe
        5⤵
        
        PID:17088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59045.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35620.exe
        5⤵
        
        PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54094.exe
        6⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        7⤵
        
        PID:17228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57195.exe
        7⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37447.exe
        6⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        6⤵
        
        PID:18172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10273.exe
        6⤵
        
        PID:18292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33077.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        5⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        5⤵
        
        PID:19284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30793.exe
        5⤵
        
        PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
      4⤵
      PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37358.exe
        5⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8512.exe
        6⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31399.exe
        6⤵
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        5⤵
        
        PID:11836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1054.exe
        5⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59483.exe
        5⤵
        
        PID:7640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
      4⤵
      PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        5⤵
        
        PID:18440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
      4⤵
      PID:11416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
      4⤵
      PID:16448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18288.exe
      4⤵
      PID:10452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62766.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18465.exe
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        6⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        7⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4407.exe
        7⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43154.exe
        7⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        6⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        7⤵
        
        PID:18780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
        6⤵
        
        PID:16268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
        5⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
        6⤵
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
        5⤵
        
        PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
        5⤵
        
        PID:14860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56181.exe
      4⤵
      PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        5⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64398.exe
        6⤵
        
        PID:10632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        5⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
        5⤵
        
        PID:16412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
      4⤵
      PID:8960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17902.exe
      4⤵
      PID:12400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
      4⤵
      PID:14668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53221.exe
      4⤵
      PID:460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
      4⤵
      PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        6⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        7⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        7⤵
        
        PID:18104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19788.exe
        7⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        6⤵
        
        PID:12304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19788.exe
        6⤵
        
        PID:16544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-918.exe
        6⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2972.exe
        6⤵
        
        PID:17800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        5⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19788.exe
        6⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19788.exe
        5⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-918.exe
        5⤵
        
        PID:15620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56533.exe
        5⤵
        
        PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
      4⤵
      PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        5⤵
        
        PID:7712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        5⤵
        
        PID:14524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19788.exe
      4⤵
      PID:10704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-918.exe
      4⤵
      PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53379.exe
      4⤵
      PID:7172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
    3⤵
    PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19361.exe
      4⤵
      PID:7344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2781.exe
        5⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        6⤵
        
        PID:18560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        5⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16158.exe
        5⤵
        
        PID:988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14436.exe
      4⤵
      PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
      4⤵
      PID:13664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
      4⤵
      PID:4728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
    3⤵
    PID:8084
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 632
      4⤵
      Program crash
      PID:13156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65160.exe
    3⤵
    PID:11912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1472.exe
    3⤵
    PID:2744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51822.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        6⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        7⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        7⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-407.exe
        6⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        6⤵
        
        PID:14876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18759.exe
        6⤵
        
        PID:18348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7950.exe
        6⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
        5⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30289.exe
        6⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
        6⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9550.exe
        5⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45352.exe
        5⤵
        
        PID:16420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46206.exe
        5⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
        6⤵
        
        PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        5⤵
        
        PID:13892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42767.exe
        5⤵
        
        PID:18428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        5⤵
        
        PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
      4⤵
      PID:7992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
      4⤵
      PID:13408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13348.exe
      4⤵
      PID:4776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52206.exe
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        5⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        6⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42284.exe
        6⤵
        
        PID:14376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
        5⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        5⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28760.exe
        5⤵
        
        PID:18936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        5⤵
        
        PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42660.exe
      4⤵
      PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32401.exe
        5⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
        5⤵
        
        PID:15312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
      4⤵
      PID:9612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58143.exe
      4⤵
      PID:18084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
    3⤵
    PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
      4⤵
      PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
      4⤵
      PID:11896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
      4⤵
      PID:16692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
    3⤵
    PID:7916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58673.exe
      4⤵
      PID:15148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
    3⤵
    PID:12392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
    3⤵
    PID:16472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18538.exe
    3⤵
    PID:12960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17499.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17499.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51246.exe
      4⤵
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        5⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30289.exe
        6⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56372.exe
        6⤵
        
        PID:18632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47688.exe
        5⤵
        
        PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
        5⤵
        
        PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44389.exe
      4⤵
      PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29031.exe
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        5⤵
        
        PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
      4⤵
      PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
      4⤵
      PID:16708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
    3⤵
    PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30430.exe
      4⤵
      PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        5⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        5⤵
        
        PID:14900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
        5⤵
        
        PID:18692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27384.exe
        5⤵
        
        PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
      4⤵
      PID:9792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44879.exe
      4⤵
      PID:16984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
      4⤵
      PID:18016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52748.exe
    3⤵
    PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
      4⤵
      PID:13900
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13900 -s 464
        5⤵
        Program crash
        
        PID:5316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
    3⤵
    PID:11456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
    3⤵
    PID:16512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5396.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5396.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
    3⤵
    PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57937.exe
        5⤵
        
        PID:10188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12087.exe
        5⤵
        
        PID:14648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49599.exe
        5⤵
        
        PID:18132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
        5⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24506.exe
        5⤵
        
        PID:18768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43845.exe
      4⤵
      PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21217.exe
        5⤵
        
        PID:17028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21390.exe
      4⤵
      PID:13604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54805.exe
      4⤵
      PID:18588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
      4⤵
      PID:17716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
    3⤵
    PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
      4⤵
      PID:13092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
      4⤵
      PID:19076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
    3⤵
    PID:10012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
    3⤵
    PID:14868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
    3⤵
    PID:19028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24643.exe
    3⤵
    PID:19096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
  2⤵
  PID:2104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
    3⤵
    PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
      4⤵
      PID:10276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
      4⤵
      PID:16316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
    3⤵
    PID:9600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36959.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36959.exe
    3⤵
    PID:14492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21307.exe
    3⤵
    PID:18588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
    3⤵
    PID:18212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39652.exe
    3⤵
    PID:3284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35667.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35667.exe
  2⤵
  PID:6316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
    3⤵
    PID:9800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
    3⤵
    PID:14268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4295.exe
    3⤵
    PID:18384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
  2⤵
  PID:10592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
  2⤵
  PID:14628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62464.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62464.exe
  2⤵
  PID:18140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6116 -ip 6116
1⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6612 -ip 6612
1⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 8084 -ip 8084
1⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 10744 -ip 10744
1⤵
PID:16260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6784 -ip 6784
1⤵
PID:18508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 13684 -ip 13684
1⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 11740 -ip 11740
1⤵
PID:18184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 16992 -ip 16992
1⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 11764 -ip 11764
1⤵
PID:4008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 7916 -ip 7916
1⤵
PID:18772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11.exe

Filesize
184KB

MD5
5035cae11eb021db812ef0cfe2145fdb

SHA1
607d40ad421a7e9b02ca2c2a2f42b11f28ea73b5

SHA256
d1b8cbea1d50f35cf625098d82b8db02291627a4c295a7db99fd083b0b4b55bf

SHA512
fd48d516eb15d436bfc2bd970a401dcea0f05861aa61e2a2ef9fcb04b76454d9a3479f41988ca0e4335d14c1a08c1f8961763fcb141b7f620be63cc72d347a29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe

Filesize
184KB

MD5
75e70f01b20eb2b1fb64648c0035847e

SHA1
e5849fe0480f4f23be4158996044dea2e81548ed

SHA256
fc15ce0858c0d4ca7250cfe7f9ab514e5434b7aa7fba814da9d1ecd809077613

SHA512
8b07753d59c392c31759529fa47eadf0e5a155650e07682d6cadef27e1455a32748e1281243439304f3a3c218943e85f816bb8e175532cba21a7c053844a3841

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe

Filesize
184KB

MD5
98960d95d59cc74201ba50d156ce30c6

SHA1
d92b48e15c76830de94a7a445ceef69d5a2d5f82

SHA256
e0c60d193176d8e18b886a0a5479a7b0f29d718d47e91c7af7549513976b19a0

SHA512
5d1c6f218a471fb332d858c8aabe28c5fdee9d00c451f876127d7e258767832e68ae44ade8793446661182638f7649567ac1a18270d67cc7fc5c0547a0ccda4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17499.exe

Filesize
184KB

MD5
180529ce3634c7ba8b28de97903ac44c

SHA1
9e5f19cb62f2526ee2b5d5aa7e4d047fc047985e

SHA256
7de63af7cd657cb946875dd44dfdaef48d1287e3a20dd005c8d7727e2f9dcd96

SHA512
5b5c0a3dd7a1a964ffbb23bc93215db0dc4f567b42f616b189f3effd131e257fa972b8b3232ea56e455da7542ee0955a68ac9555526a3798250765ef15f351e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18372.exe

Filesize
184KB

MD5
dbee627eb01f3866220eaecbcb568b3b

SHA1
6848ad2576ad2227191728e0f0fd64fab487ae1b

SHA256
6bafc93b23d101606434b06bdff16f509e290f7316c6b563818253255be5159c

SHA512
aa71de826baf28f70baafe4419508b3e581c75e8ad222d01d4f532035899f543d0a2dfd96943b2e16e2553930c623f7086a1883208fac9e575b46b724473a14c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe

Filesize
184KB

MD5
196b0421a85e158af4564bda359910ba

SHA1
04aff098ee596852dd0b4c29fe7363e43f562eb5

SHA256
0282c510f4f48c8d2a6d9c1df6c315dee4964ae1b0294acf34c34ef47db2d181

SHA512
1ad361250b09c01ce8d11345a9079033cf2541b40a6b0773d9ac25adc74e750964d51b0bda5c00ee8e2f2b9f54fd17e2aa6f18064de0907f1572bfd12c3fac38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe

Filesize
184KB

MD5
aa25395f13cf6b156ceca44a13a97a03

SHA1
5e05a017454741b77142763d6043e1d245e1a9d0

SHA256
309f3175d50716c10616725b2f948124f518cb34a84015d62864197fe65ad22f

SHA512
c2df9cc03a5ca3e48097cf4b4642baca06fe24819645bd81c5b07e7aba1a6d8c523ed6004ae7f1404d59a54635c86c14e09494df9b991c5b23b326af00efc2b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20094.exe

Filesize
184KB

MD5
37d12067109265ea7ff5b6b1decf2326

SHA1
db1875cc212cb39b67000ba003fb5ebf10a9aa43

SHA256
be4ae20f7049a766ed66ed4261c353b8afba9744d0bb7c737230c960a030b451

SHA512
bb320bc2376a30883b51d5406bdb1c7eb4f4fc3cd9ff568c7ac173d524bd882f50231db290d3bc8b49ead89468127e6a18d5bafd22663169766a5e55ee04cc3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20491.exe

Filesize
184KB

MD5
073509e5a643ab2e5fef8aad1ae727c0

SHA1
d96f9d6fd0d48ce29f7b1220594398c9b8165529

SHA256
955f32f70b55ca4c9ca0a7470f093350dbef4817808b6b1911943c5f832f9135

SHA512
cba7a9ca4f94496a1b96d4bc5005ef7918a7f88fb0fa8ab9aca00c16d34cbfc9c6f92752b0edc107cdc966f7643d04b96ef1fa2d91828ac2c6057857e4e6bdb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe

Filesize
184KB

MD5
717290e5d51247bbf3e436e0f4e9b770

SHA1
e3d97deb1c0344f6e10a1d855057ec60acc44392

SHA256
607e25f0bdd4a82ff7dd49163fb2f2103f082e04ea5ea060e70478387384286b

SHA512
822ee351327a1bfe30de860fa96f2a8e58b1dd2b78dfc6c0732c86d454eb74e458949b4bd049ecd75c17d49755e61cd7547078f66ece2ef2658bb478f2975032

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe

Filesize
184KB

MD5
58b264a9ca569b8fe3911242d1026b38

SHA1
12c068b9c149fd0a4ac43f4069e0942c65e3fb09

SHA256
c38cd1d9f1e6fa46196a44bec202224ce5b429cebe007828fd19f560c7dde7b4

SHA512
473a6c5bc93b172a2403a08c3b432320cefa1f4c6f1c9465d051280f8f51b68e0210d86d677f11281b045c9eb4470b2cce3c18a4289e7c32a986e448103e745f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe

Filesize
184KB

MD5
abcb5f57f41b7676082c55c9ec6f1625

SHA1
b652bdb3a0182a0f38180e221c7cf20c145879d5

SHA256
69c0a0d534cf8de8b8f474f13399199966892dc2f582a12485b6946edbd98f5e

SHA512
add45795abdb9c7fe8583e3df27e9d45cf9f1d160dadded722abe5fd6b952029143dc21957b4bc730f89053139912576099f71168d6beff612e8c865c955f4d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe

Filesize
184KB

MD5
0ee4906d8316179db4c1a17868af447f

SHA1
d8b750be2c060a6b9cee03b8d6fcaa599b67e5bc

SHA256
4261a87400d83fcf33c54dcbf73c9f44fca0dca83b152287d419f0d8e053fe3d

SHA512
9fad6df381fd5328f2c5cadfead2f0705c85830348a6e603318fc457337b41122db7b9d70d97204d20f891323d56b4fef8041936d57a78283c1db61cd986182a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe

Filesize
184KB

MD5
7f9a1ccc3d010e059636e15396cefc39

SHA1
742f6b2f149e17e7e778ec364fc92c9f94c472f3

SHA256
810f9eb49ef938d7c079055eb07be85a3056aab39ba650a41138135ceea69edb

SHA512
1a13cd8d573a42df86882f255f2d02757f8b62a1c152bdf7871ffda3bdaf18449d4ba1bf776201e06917939dd2ca1118f6011f65bf6c47354a7e67aba0db0791

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3172.exe

Filesize
184KB

MD5
e203cbff9c8c60942ac0fe0815cc2e37

SHA1
e7c6874d3e7ef7260209c36b3b52392c99ad50a3

SHA256
096a5ef04bdc82ab40f06eaadc6388ee9e7294845d2ef8670912fd9a35ea5a1b

SHA512
df1e2b0ef47982a3c2b46e2d96a663bf48c1191e4e2fc30e5ca70290ed3a2bcc5824844319fa14a6a0953361ac8fb23b5d4b56b551a5f98e68340e3494820110

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe

Filesize
184KB

MD5
63045897360c1ce9272488ed55dd449e

SHA1
ae05ca639afca5caef16ba6ea04a85f3f6b3d273

SHA256
b5a2b392c5514c9fa02a4b2b8955433ff07e43c946c406c49bd54a065a5a7406

SHA512
877065d8d449b15e97a6d159c4987a57ca970e1f28b76d86b68e26db696742f3def24c390d3bf2978e0cf4dfafd50e2a9be9b62275af9fc1986f1f93a2dee1ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe

Filesize
184KB

MD5
eaa4e0237c954a300b91bfdc12cfd9cc

SHA1
bcd67de32b40019c84cc8dd0ad450cef044df48e

SHA256
773425a4852a848cad8a14e873c90783bc4d822d46eeddce534919b77ce59de3

SHA512
f652b5e1dff660a21dd9fd5da1c7e39e979b371497e4a7c5d989d3122f37354c7e2c9ca54bb564c3a7e0d77bedda3a050a0bac629a9be0a971130b8a22b04443

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe

Filesize
184KB

MD5
36bda0390d49cf4ada00b3e6a715a481

SHA1
611cdc25af43d5c79c3f4e6b1cb2e4de64cac51c

SHA256
15f90314084392de0fed58909f2472d9908b72545a089dffb6c5e73aa214da2d

SHA512
77955a8c221fdc4081446b704d2bacc127187f8dae85cf1a3ab4390b0bbd18f041cdd4d9c0e9ba224013803bfee36de278a0ddbf1239fe38db7ed76dd41bf8bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38782.exe

Filesize
184KB

MD5
f24aadefee55ae2ef5c177f585804654

SHA1
eb2fbf261fa33f65f6c398b0e1aa32c0c349514d

SHA256
82474a3a4d2e4ff67a3516ab2e6317ad926573cfbeeacc55fa958a6215645bea

SHA512
92195a577ace8814005247705eeb2c9282327dcaa7f629c09b9fede21d01f6475153c9be575680b1635faa9241eca5803bd44297901bd0aa79d92076891e53b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe

Filesize
184KB

MD5
8b7e5b53a3aa592fb3de78c7ec70dfe3

SHA1
6adc8f09003494293963a035829241edad4dda80

SHA256
12b7ec80a9683ce1e516b9257d6692b7aaeade5b8c3eb8a2b2cda799f50d07ff

SHA512
50d2e056ec460591a15e180bc3f0bde1a8160ef3483a5c170de1ecbc9b0757309c0a4d62b822349292a261c4d4bf7544ce0c34263635e9b7d3b68d0b90efcc1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe

Filesize
184KB

MD5
aa465dd68a5d1321f2722fc0573a1b32

SHA1
2b51e02952527522585dcdf1d6ba4479d8373054

SHA256
35bc0ae4edae67c853275664e511f86671f5a28cc3c42eb02582ad431ad8c3da

SHA512
5f87aa113510de27786d8d2ecf44c8c2ce787d83dd1d20163122ed866ecc1e5c9987d16b323169bf0409daf18ae39731a0a4d585387e11b6346b61dcfd18a965

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe

Filesize
184KB

MD5
011e43a50339f6c33bc2615ee65ed3b9

SHA1
07901607ab62de50b7e6cf1f081ee53b48e30151

SHA256
2f03a9e4a5226127083810562e6ea81c789f2882f288d20b136814abdb7f5bd0

SHA512
14e16545db9998eef262954624442d7df90781513cd290c53995709ba5075826487b138d70637393117dd07da48b98cc15d31150f3f619abe7dc3ffac2c78c0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41806.exe

Filesize
184KB

MD5
79eed448ddcb7821b25624baca65d5cc

SHA1
6a62c31a2ac6cd774b70354b786658e24cb3a7f8

SHA256
3ea155ae5844659512716d1a93ce5cfb05009465d4a9487f0fd208ff58a61828

SHA512
09d851bb9f9867b9da8277e1beacb21b579237c01236422aae216754f53de9f1ecbf37b600e9dfe05db1b64ad9a7f44f20de5362058309e2acd524efc76a0656

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42766.exe

Filesize
184KB

MD5
e57239acb13d88bab8905cb0ead38bcd

SHA1
bed662b3cdbf627e85ed1e6cc6d39663b454ca3f

SHA256
a0fa8ee26fb52d0ba166b1e5ae379a3b8b11cf5859f8da1de344de8e9e9239f5

SHA512
78089f55c485cace3568791f9561b17508071fe18502502e66ff70d86ef50b6b0591d81a854231c9352dbd09fcaf4d243572258ee05dd2eb9ebb8995f12ca050

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43150.exe

Filesize
184KB

MD5
9a6d7083bf1b8b1d9a968a2141f2fba1

SHA1
e92317315b883f2fe69951704c179b8d07af6dc2

SHA256
78b90d47b91995fb74c963c4749af409056d961c1ec356e1470413e3fa6de0c5

SHA512
53f1785666870cc8c5d06134cb6d9180dd37c6910da2a5ebbbf8f8270efd54a208239df653ad1b8d8b6f22b89fd0a0022883315c0cbb3a2d5c881cc84a885b0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe

Filesize
184KB

MD5
d3452e374c52896a0c692b1c1683a176

SHA1
44ca876fe7d59930ba59769d434737ac57532db4

SHA256
d74410c682414b739f97e606346c98e233ce3bcb828267cae862ca67f192a659

SHA512
ac51f673b70e656a3fb0a797fb410640497951d0138699de0f8f47365299cf502fd1ce79b0a8d79e85e28031f6735009bf41a91cb5ed2105b954ef72b04f987c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48725.exe

Filesize
184KB

MD5
05d7c4731a0d2e3aec858ac8cc4e5fbd

SHA1
d5fd8bf7675e26b61f157941b9c90bca08e37364

SHA256
562494e10e6e609bb77b0e40dfdef41fcd6c4b6f28b5c7a3cda58c2f85326c9c

SHA512
18735190d2af7e141b4a918175dfbbd932cfb19b02a301e2803d11ae691aea8cf2c03ac6cbee95264b706f4587029ad525ef20f4d463cbac9e6775c2d59ce7d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe

Filesize
184KB

MD5
14c681492acccc84a121e0fa5ee739ff

SHA1
a03ec885af3422fffc9b79788d7b7d764ab3c357

SHA256
2050f6e42ff8b57409347223122d1c675a33536919b6afd076bfbfed0c51df5c

SHA512
d660f4ce20bdd88a31450aadc5fc8e5a7948fd660f1c80051b3751db1a1c006b8dc85cabc2e3b0b5d8099f0f723162b0608a9a5fcc3d7dc2041bc65368d58a90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe

Filesize
184KB

MD5
b59afdb823f6e284afdf47e040068000

SHA1
dfbb127a12db1822f1d2f382afea923bc60d956e

SHA256
8c1df9da19b1c3d3290d12dd8c40988113988f7b1af46b67d5b24616837bbcaf

SHA512
2fcb35c84a7e85bbf0f203bb5e4e1f21bafe9f3240d1e1ab7cf55a2692d001789a111f31c7eb1775a77b6de801e4b9c7bf79a499de2da50dd05454148468d0ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe

Filesize
184KB

MD5
f94823ad7585901f2d3230898e97fbc5

SHA1
200deeab3da253c38eeb1f1e7a849bcbb8ac7031

SHA256
d1b5d530e81f5c24b50be0d5bded1d45f1e91eb5e30192df976dcf7037475120

SHA512
ae5a07c47c10058124a62be1663c5e1f668b69fa51933fe5b80ddae9acb6a15254e466f01d17b9f03f070121163abfa24f5bc12ea6cf97eb7c862b61b5c83d99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe

Filesize
184KB

MD5
c1662e3b677e46d842e4b771e29b277d

SHA1
8dfc57534f193fbd6f8c72f889b702652e709796

SHA256
5394c64a125ef4ccc5711b2c232b7fb7d2fd9a9e7e9ba70e4bbf9d3ee5ae9359

SHA512
1c06b8d86de9327a4d749075da206894f51685322c7f3850b97f7fda24a6758f1d455b2173f9c67d3d2e986a768f7b0d1aec537dbf58bb1e0e54b2a9231b6d75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe

Filesize
184KB

MD5
46eb6c6392e2c0b4922c23d9631b15d2

SHA1
3b424931e6031e23f1c6308c27c0cd16c6c4884d

SHA256
e33c3e5fc4e61be82a8ae0d99742063c5e0d253e1e0f084309bbc9dcb31d4295

SHA512
e423cb9a27f3b8085408f9196387dc8dcb8ea41e2d6e764bf81d84c6fbd497418ebbcdb9441186a7d55f15ed3d2a08e6aa1ab3ad6b2f85763e4d51c780e3e29f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe

Filesize
184KB

MD5
f2a536977c8fb4fd24ac5ad31d3be728

SHA1
ad7fd4a3e9a59fad76b6d92584641bbfcca3a1ef

SHA256
abffd6ad74b164814fc552d9227e6f068976378c0fa72a30f00f8d8a6ad34f29

SHA512
46e59881770dfd8bf0a2513416c95f0ccc20ca0230bda76538996963ab1063f565182455ca341073d2f2db0ceb624a58fafb5efdbed29836f549724b28fb9dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe

Filesize
184KB

MD5
96ccf6595631c45e75c2153afbfd96f4

SHA1
a6439d8d2512254017be9ebf87975d0109b69cf9

SHA256
573904651c19dbc53d68ac7ac41cd2f224a5fb5777d7c6cdc07dd0c583692fcd

SHA512
225fad505d38c0fa665adbc7613d43917faa74af1b138ce9c3049c85301422dd711d94d6c7cb49cdb20f5a78726c9cef79054eb89eebf49ba268ef5af4535f7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe

Filesize
184KB

MD5
05ed44b2f0e8b99c4444cee109f5d083

SHA1
02bfdae9b865672ff4ffaa835b03d6187fa7108d

SHA256
6981bc4d1097d8d7fc946fdf3134cf3b7414cc860fcf91ed9375248c43d3c688

SHA512
dde5d2041404d5dc4a0811a65b3c771a8192711ba43ef8c846076517aa0728d5cd00c0b9398abb279467ac4edc4b57a45847f442317becca37e677c25806f790

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe

Filesize
184KB

MD5
2a47b4bc0ad849c1a4610a30926607ea

SHA1
6aec352f671e0bb68375824e137cc7db6c8a7b55

SHA256
760d810d871440eb270c1dab23f322b66fc29d344d72afc0ed3d3be8e4b8c65b

SHA512
c0ce1799d577cb1d1b0ecd9aa326ea1c021c4f71f8a42b7090dae13a3310e34a6318b5ed4436878957415b8f8ee9d5e645a5aaab05d4f01c95e094e040c6ef0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6829.exe

Filesize
184KB

MD5
401b7f893f90508a17e6be560c5eba76

SHA1
c8c96cdd634cef567116f082962424d1eab414ed

SHA256
562f9a5cb52486868f613d194b977776dd5309b0be348799638af637659aafa2

SHA512
5c19179cdcecbe8747c060f85bc707e973e0d00009b72c5dff1dd424c697866bbd0bcdc91d2466e6e78c0ab921826024d64ed9d21fc31739194758f20bcf62aa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads