2244ed4215982f164293b261359d16f6cdd972af485e390bd0827a0aac429128

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 18:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bccdc5d6afaffb95309dfe5bcd6a6e90_NeikiAnalytics.exe
Size

184KB
MD5

bccdc5d6afaffb95309dfe5bcd6a6e90
SHA1

8b541402b7296bc1e8599f3f2e02d136206536a9
SHA256

2244ed4215982f164293b261359d16f6cdd972af485e390bd0827a0aac429128
SHA512

99aad6ea1c2f16dee32cb04d1964c065e47539f327edc89aeb7098c7d4a1f85836b56e4c4f02b9682ff2897b6beb2e664658e8d8dbcd4af88312431506c88352
SSDEEP

3072:MR0aZCo0y5vRdfntZ7F8t5X0lvnqnveuB:MR+odffnR8bX0lPqnveu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1668	Unicorn-4690.exe
4532	Unicorn-56989.exe
432	Unicorn-10481.exe
1428	Unicorn-33445.exe
3796	Unicorn-33445.exe
4960	Unicorn-18431.exe
1744	Unicorn-1440.exe
2544	Unicorn-8530.exe
4440	Unicorn-12614.exe
8	Unicorn-47425.exe
4260	Unicorn-62370.exe
1276	Unicorn-14652.exe
2200	Unicorn-20783.exe
2388	Unicorn-55328.exe
396	Unicorn-917.exe
1908	Unicorn-28505.exe
4656	Unicorn-16807.exe
760	Unicorn-14114.exe
4076	Unicorn-53009.exe
1660	Unicorn-10585.exe
4932	Unicorn-21520.exe
2284	Unicorn-14669.exe
3064	Unicorn-7627.exe
3100	Unicorn-30451.exe
832	Unicorn-42703.exe
3396	Unicorn-46787.exe
4072	Unicorn-9930.exe
4944	Unicorn-34535.exe
2364	Unicorn-279.exe
860	Unicorn-14014.exe
876	Unicorn-7892.exe
1448	Unicorn-11758.exe
2776	Unicorn-11758.exe
2068	Unicorn-19927.exe
1520	Unicorn-19927.exe
3144	Unicorn-42293.exe
4756	Unicorn-13604.exe
2468	Unicorn-52499.exe
724	Unicorn-8037.exe
5028	Unicorn-38763.exe
1304	Unicorn-16205.exe
2032	Unicorn-42869.exe
3248	Unicorn-48991.exe
4620	Unicorn-34509.exe
2272	Unicorn-7866.exe
556	Unicorn-11950.exe
3836	Unicorn-64274.exe
4640	Unicorn-61706.exe
3536	Unicorn-39147.exe
3492	Unicorn-1644.exe
1860	Unicorn-5728.exe
4812	Unicorn-24757.exe
3084	Unicorn-13896.exe
3612	Unicorn-24757.exe
3008	Unicorn-13896.exe
5004	Unicorn-56610.exe
2060	Unicorn-31001.exe
4924	Unicorn-22070.exe
2124	Unicorn-41861.exe
3268	Unicorn-28954.exe
3448	Unicorn-17981.exe
440	Unicorn-56875.exe
3136	Unicorn-61919.exe
968	Unicorn-15411.exe

Program crash 38 IoCs

pid	pid_target	Process	procid_target
9416	8264	WerFault.exe	396
11216	8248	WerFault.exe	541
17388	14860	WerFault.exe	708
17376	15136	WerFault.exe	711
16800	15232	WerFault.exe	716
17364	13672	WerFault.exe	733
3636	15324	WerFault.exe	722
16412	14740	WerFault.exe	738
4804	15412	WerFault.exe	745
17080	15444	WerFault.exe	747
4996	15708	WerFault.exe	753
224	15508	WerFault.exe	752
428	15380	WerFault.exe	744
5000	16152	WerFault.exe	771
5480	16144	WerFault.exe	770
2548	15948	WerFault.exe	759
5684	16276	WerFault.exe	782
17348	16152	WerFault.exe	771
17364	1556	WerFault.exe	790
13952	15844	WerFault.exe	792
4980	16160	WerFault.exe	797
1708	15904	WerFault.exe	755
17284	15860	WerFault.exe	793
6040	16264	WerFault.exe	781
5616	16416	WerFault.exe	810
5816	4332	WerFault.exe	806
12084	17096	Process not Found	1080
11988	4368	Process not Found	1034
15812	16020	Process not Found	1054
264	2036	Process not Found	1051
15132	5188	Process not Found	1044
10464	15296	Process not Found	1090
540	11000	Process not Found	1116
8268	5528	Process not Found	1081
14924	15156	Process not Found	1092
17060	9640	Process not Found	1149
13624	15308	Process not Found	1048
14072	7324	Process not Found	1131

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	7544	dwm.exe
Token: SeChangeNotifyPrivilege	7544	dwm.exe
Token: 33	7544	dwm.exe
Token: SeIncBasePriorityPrivilege	7544	dwm.exe
Token: SeCreateGlobalPrivilege	12216	Process not Found
Token: SeChangeNotifyPrivilege	12216	Process not Found
Token: 33	12216	Process not Found
Token: SeIncBasePriorityPrivilege	12216	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4000	bccdc5d6afaffb95309dfe5bcd6a6e90_NeikiAnalytics.exe
1668	Unicorn-4690.exe
432	Unicorn-10481.exe
4532	Unicorn-56989.exe
3796	Unicorn-33445.exe
4960	Unicorn-18431.exe
1428	Unicorn-33445.exe
1744	Unicorn-1440.exe
2544	Unicorn-8530.exe
4440	Unicorn-12614.exe
8	Unicorn-47425.exe
2388	Unicorn-55328.exe
4260	Unicorn-62370.exe
1276	Unicorn-14652.exe
2200	Unicorn-20783.exe
396	Unicorn-917.exe
1908	Unicorn-28505.exe
4656	Unicorn-16807.exe
760	Unicorn-14114.exe
4076	Unicorn-53009.exe
1660	Unicorn-10585.exe
4932	Unicorn-21520.exe
3064	Unicorn-7627.exe
3100	Unicorn-30451.exe
832	Unicorn-42703.exe
3396	Unicorn-46787.exe
4944	Unicorn-34535.exe
4072	Unicorn-9930.exe
2364	Unicorn-279.exe
876	Unicorn-7892.exe
860	Unicorn-14014.exe
2284	Unicorn-14669.exe
1448	Unicorn-11758.exe
2776	Unicorn-11758.exe
1520	Unicorn-19927.exe
2068	Unicorn-19927.exe
3144	Unicorn-42293.exe
4756	Unicorn-13604.exe
2468	Unicorn-52499.exe
5028	Unicorn-38763.exe
724	Unicorn-8037.exe
1304	Unicorn-16205.exe
2032	Unicorn-42869.exe
3248	Unicorn-48991.exe
4620	Unicorn-34509.exe
556	Unicorn-11950.exe
2272	Unicorn-7866.exe
3836	Unicorn-64274.exe
3536	Unicorn-39147.exe
1860	Unicorn-5728.exe
3492	Unicorn-1644.exe
4812	Unicorn-24757.exe
4640	Unicorn-61706.exe
3084	Unicorn-13896.exe
2060	Unicorn-31001.exe
440	Unicorn-56875.exe
3268	Unicorn-28954.exe
2124	Unicorn-41861.exe
3612	Unicorn-24757.exe
4924	Unicorn-22070.exe
3008	Unicorn-13896.exe
3448	Unicorn-17981.exe
5004	Unicorn-56610.exe
3136	Unicorn-61919.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4000 wrote to memory of 1668	4000	bccdc5d6afaffb95309dfe5bcd6a6e90_NeikiAnalytics.exe	87
PID 4000 wrote to memory of 1668	4000	bccdc5d6afaffb95309dfe5bcd6a6e90_NeikiAnalytics.exe	87
PID 4000 wrote to memory of 1668	4000	bccdc5d6afaffb95309dfe5bcd6a6e90_NeikiAnalytics.exe	87
PID 1668 wrote to memory of 4532	1668	Unicorn-4690.exe	88
PID 1668 wrote to memory of 4532	1668	Unicorn-4690.exe	88
PID 1668 wrote to memory of 4532	1668	Unicorn-4690.exe	88
PID 4000 wrote to memory of 432	4000	bccdc5d6afaffb95309dfe5bcd6a6e90_NeikiAnalytics.exe	89
PID 4000 wrote to memory of 432	4000	bccdc5d6afaffb95309dfe5bcd6a6e90_NeikiAnalytics.exe	89
PID 4000 wrote to memory of 432	4000	bccdc5d6afaffb95309dfe5bcd6a6e90_NeikiAnalytics.exe	89
PID 432 wrote to memory of 3796	432	Unicorn-10481.exe	91
PID 4532 wrote to memory of 1428	4532	Unicorn-56989.exe	90
PID 432 wrote to memory of 3796	432	Unicorn-10481.exe	91
PID 432 wrote to memory of 3796	432	Unicorn-10481.exe	91
PID 4532 wrote to memory of 1428	4532	Unicorn-56989.exe	90
PID 4532 wrote to memory of 1428	4532	Unicorn-56989.exe	90
PID 1668 wrote to memory of 4960	1668	Unicorn-4690.exe	92
PID 1668 wrote to memory of 4960	1668	Unicorn-4690.exe	92
PID 1668 wrote to memory of 4960	1668	Unicorn-4690.exe	92
PID 4000 wrote to memory of 1744	4000	bccdc5d6afaffb95309dfe5bcd6a6e90_NeikiAnalytics.exe	93
PID 4000 wrote to memory of 1744	4000	bccdc5d6afaffb95309dfe5bcd6a6e90_NeikiAnalytics.exe	93
PID 4000 wrote to memory of 1744	4000	bccdc5d6afaffb95309dfe5bcd6a6e90_NeikiAnalytics.exe	93
PID 3796 wrote to memory of 2544	3796	Unicorn-33445.exe	94
PID 3796 wrote to memory of 2544	3796	Unicorn-33445.exe	94
PID 3796 wrote to memory of 2544	3796	Unicorn-33445.exe	94
PID 4960 wrote to memory of 4440	4960	Unicorn-18431.exe	95
PID 4960 wrote to memory of 4440	4960	Unicorn-18431.exe	95
PID 4960 wrote to memory of 4440	4960	Unicorn-18431.exe	95
PID 1428 wrote to memory of 8	1428	Unicorn-33445.exe	96
PID 1428 wrote to memory of 8	1428	Unicorn-33445.exe	96
PID 1428 wrote to memory of 8	1428	Unicorn-33445.exe	96
PID 432 wrote to memory of 4260	432	Unicorn-10481.exe	97
PID 432 wrote to memory of 4260	432	Unicorn-10481.exe	97
PID 432 wrote to memory of 4260	432	Unicorn-10481.exe	97
PID 1668 wrote to memory of 1276	1668	Unicorn-4690.exe	98
PID 1668 wrote to memory of 1276	1668	Unicorn-4690.exe	98
PID 1668 wrote to memory of 1276	1668	Unicorn-4690.exe	98
PID 1744 wrote to memory of 2200	1744	Unicorn-1440.exe	99
PID 1744 wrote to memory of 2200	1744	Unicorn-1440.exe	99
PID 1744 wrote to memory of 2200	1744	Unicorn-1440.exe	99
PID 4000 wrote to memory of 2388	4000	bccdc5d6afaffb95309dfe5bcd6a6e90_NeikiAnalytics.exe	101
PID 4000 wrote to memory of 2388	4000	bccdc5d6afaffb95309dfe5bcd6a6e90_NeikiAnalytics.exe	101
PID 4000 wrote to memory of 2388	4000	bccdc5d6afaffb95309dfe5bcd6a6e90_NeikiAnalytics.exe	101
PID 4532 wrote to memory of 396	4532	Unicorn-56989.exe	100
PID 4532 wrote to memory of 396	4532	Unicorn-56989.exe	100
PID 4532 wrote to memory of 396	4532	Unicorn-56989.exe	100
PID 2544 wrote to memory of 1908	2544	Unicorn-8530.exe	102
PID 2544 wrote to memory of 1908	2544	Unicorn-8530.exe	102
PID 2544 wrote to memory of 1908	2544	Unicorn-8530.exe	102
PID 3796 wrote to memory of 4656	3796	Unicorn-33445.exe	103
PID 3796 wrote to memory of 4656	3796	Unicorn-33445.exe	103
PID 3796 wrote to memory of 4656	3796	Unicorn-33445.exe	103
PID 2388 wrote to memory of 760	2388	Unicorn-55328.exe	104
PID 2388 wrote to memory of 760	2388	Unicorn-55328.exe	104
PID 2388 wrote to memory of 760	2388	Unicorn-55328.exe	104
PID 8 wrote to memory of 4076	8	Unicorn-47425.exe	105
PID 8 wrote to memory of 4076	8	Unicorn-47425.exe	105
PID 8 wrote to memory of 4076	8	Unicorn-47425.exe	105
PID 1428 wrote to memory of 1660	1428	Unicorn-33445.exe	106
PID 1428 wrote to memory of 1660	1428	Unicorn-33445.exe	106
PID 1428 wrote to memory of 1660	1428	Unicorn-33445.exe	106
PID 4960 wrote to memory of 2284	4960	Unicorn-18431.exe	109
PID 4960 wrote to memory of 2284	4960	Unicorn-18431.exe	109
PID 4960 wrote to memory of 2284	4960	Unicorn-18431.exe	109
PID 4000 wrote to memory of 4932	4000	bccdc5d6afaffb95309dfe5bcd6a6e90_NeikiAnalytics.exe	107

C:\Users\Admin\AppData\Local\Temp\bccdc5d6afaffb95309dfe5bcd6a6e90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\bccdc5d6afaffb95309dfe5bcd6a6e90_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4690.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4690.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:8
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53009.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61919.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8416.exe
        9⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        10⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        10⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
        10⤵
        
        PID:14552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
        10⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        10⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57866.exe
        9⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        9⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        9⤵
        
        PID:15456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
        9⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3865.exe
        8⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
        9⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        9⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        9⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
        8⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
        8⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24217.exe
        8⤵
        
        PID:16160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16160 -s 464
        9⤵
        Program crash
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33787.exe
        8⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        7⤵
        Executes dropped EXE
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42951.exe
        8⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51603.exe
        9⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        9⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13210.exe
        9⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        9⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        8⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 464
        9⤵
        Program crash
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        8⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        8⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13784.exe
        8⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64070.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        8⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17897.exe
        8⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        8⤵
        
        PID:15164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35121.exe
        8⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
        7⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        7⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
        7⤵
        
        PID:16320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16205.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
        9⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55168.exe
        9⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        9⤵
        
        PID:16032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        9⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
        8⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        8⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        8⤵
        
        PID:16236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6984.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54229.exe
        8⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65012.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
        7⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        7⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10410.exe
        7⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        7⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
        7⤵
        
        PID:15604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3272.exe
        6⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30145.exe
        7⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        8⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40761.exe
        8⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        8⤵
        
        PID:15904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15904 -s 464
        9⤵
        Program crash
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
        8⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48520.exe
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9999.exe
        7⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41485.exe
        7⤵
        
        PID:16816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40875.exe
        7⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        6⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13066.exe
        7⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        7⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37846.exe
        7⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
        7⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47557.exe
        6⤵
        
        PID:13720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18676.exe
        6⤵
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
        7⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43227.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        9⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        9⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        9⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
        9⤵
        
        PID:16040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        8⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        8⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
        8⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54741.exe
        8⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        8⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24441.exe
        8⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        8⤵
        
        PID:16048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        8⤵
        
        PID:16612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        7⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36398.exe
        7⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
        7⤵
        
        PID:16120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8416.exe
        7⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        6⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        8⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        8⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        8⤵
        
        PID:14496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        7⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        7⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
        7⤵
        
        PID:16164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        7⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        6⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10466.exe
        7⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        7⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        7⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        7⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        6⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33677.exe
        6⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        6⤵
        
        PID:14752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39374.exe
        6⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50051.exe
        6⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
        8⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        8⤵
        
        PID:13512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
        7⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52437.exe
        7⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-243.exe
        7⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
        7⤵
        
        PID:16216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7949.exe
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4026.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        7⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        7⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26953.exe
        7⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        6⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exe
        6⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        6⤵
        
        PID:15972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
        6⤵
        
        PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62038.exe
        5⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26253.exe
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31463.exe
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
        7⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        7⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13590.exe
        7⤵
        
        PID:17136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43475.exe
        6⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        6⤵
        
        PID:11592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        6⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1146.exe
        6⤵
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7592.exe
        5⤵
        
        PID:6472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37715.exe
        6⤵
        
        PID:11864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43169.exe
        6⤵
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        6⤵
        
        PID:14860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43883.exe
        5⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32388.exe
        5⤵
        
        PID:4332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 464
        6⤵
        Program crash
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-479.exe
        5⤵
        
        PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-917.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5728.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12308.exe
        7⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60461.exe
        8⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        9⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        9⤵
        
        PID:12196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        9⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5941.exe
        9⤵
        
        PID:16948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18055.exe
        9⤵
        
        PID:16548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26309.exe
        8⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61146.exe
        8⤵
        
        PID:13868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41485.exe
        8⤵
        
        PID:17104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        8⤵
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11428.exe
        8⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        8⤵
        
        PID:16364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
        7⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        7⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        7⤵
        
        PID:15948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15948 -s 452
        8⤵
        Program crash
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8416.exe
        7⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57188.exe
        7⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42153.exe
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        7⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        7⤵
        
        PID:15924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        6⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        6⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12190.exe
        6⤵
        
        PID:15284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        6⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47119.exe
        6⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
        8⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        8⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3506.exe
        8⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        7⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46153.exe
        7⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
        7⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        7⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
        6⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        6⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58432.exe
        6⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43181.exe
        6⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23513.exe
        6⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34577.exe
        7⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
        7⤵
        
        PID:14936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
        6⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54705.exe
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38981.exe
        6⤵
        
        PID:15272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
        5⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46347.exe
        5⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        5⤵
        
        PID:13976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13307.exe
        5⤵
        
        PID:16120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32729.exe
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        7⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35537.exe
        8⤵
        
        PID:13432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12930.exe
        8⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        7⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8602.exe
        7⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
        7⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36459.exe
        7⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        6⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60241.exe
        7⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39033.exe
        6⤵
        
        PID:10856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
        6⤵
        
        PID:13972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
        6⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48442.exe
        5⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4026.exe
        6⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        6⤵
        
        PID:12164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        6⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-954.exe
        6⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        5⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46626.exe
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        5⤵
        
        PID:15964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36459.exe
        5⤵
        
        PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
      4⤵
      PID:228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29761.exe
        5⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62168.exe
        5⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39033.exe
        5⤵
        
        PID:10864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
        5⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        5⤵
        
        PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36173.exe
      4⤵
      PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        5⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        5⤵
        
        PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61286.exe
        5⤵
        
        PID:15148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
        5⤵
        
        PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
      4⤵
      PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
      4⤵
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14033.exe
      4⤵
      PID:16144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16144 -s 464
        5⤵
        Program crash
        
        PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
      4⤵
      PID:4616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30451.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5318.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4462.exe
        8⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
        9⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
        9⤵
        
        PID:15352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
        9⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
        9⤵
        
        PID:15920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2189.exe
        8⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        8⤵
        
        PID:12740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        8⤵
        
        PID:15844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15844 -s 464
        9⤵
        Program crash
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
        8⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27190.exe
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        7⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
        7⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
        6⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35075.exe
        8⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        8⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        8⤵
        
        PID:16952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
        8⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        7⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
        7⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
        7⤵
        
        PID:15952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63651.exe
        6⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55012.exe
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15506.exe
        6⤵
        
        PID:14572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exe
        6⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30913.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
        8⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53772.exe
        8⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57103.exe
        8⤵
        
        PID:16580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        7⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        7⤵
        
        PID:13340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10253.exe
        6⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33412.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16029.exe
        6⤵
        
        PID:13980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37208.exe
        6⤵
        
        PID:17248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        6⤵
        
        PID:14612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58899.exe
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        7⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20165.exe
        7⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        7⤵
        
        PID:16484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        7⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
        7⤵
        
        PID:16024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21815.exe
        6⤵
        
        PID:9800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        6⤵
        
        PID:13824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
        6⤵
        
        PID:17232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
        5⤵
        
        PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48485.exe
        5⤵
        
        PID:11072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2479.exe
        5⤵
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
        5⤵
        
        PID:17032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50928.exe
        6⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        7⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
        7⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        7⤵
        
        PID:15380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15380 -s 464
        8⤵
        Program crash
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        7⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53127.exe
        6⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exe
        6⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        6⤵
        
        PID:15956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52603.exe
        6⤵
        
        PID:15568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22977.exe
        5⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        6⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51285.exe
        6⤵
        
        PID:11004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
        6⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
        6⤵
        
        PID:15220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25266.exe
        6⤵
        
        PID:16800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44977.exe
        5⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
        5⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        5⤵
        
        PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29068.exe
        5⤵
        
        PID:17240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22423.exe
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        6⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55111.exe
        7⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
        7⤵
        
        PID:13224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        7⤵
        
        PID:16416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16416 -s 460
        8⤵
        Program crash
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
        7⤵
        
        PID:612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        6⤵
        
        PID:10616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
        6⤵
        
        PID:14004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11514.exe
        6⤵
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exe
        6⤵
        
        PID:13484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        6⤵
        
        PID:17244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39033.exe
        5⤵
        
        PID:10872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
        5⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
        5⤵
        
        PID:17296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        5⤵
        
        PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41001.exe
        5⤵
        
        PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exe
        5⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19868.exe
        5⤵
        
        PID:14244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44700.exe
        5⤵
        
        PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55781.exe
      4⤵
      PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24741.exe
      4⤵
      PID:10832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43063.exe
      4⤵
      PID:14836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exe
      4⤵
      PID:6088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14652.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34509.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        6⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13808.exe
        7⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40975.exe
        8⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        8⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14990.exe
        8⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        8⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        7⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        7⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        7⤵
        
        PID:16228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7176.exe
        7⤵
        
        PID:15296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
        7⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        7⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44285.exe
        7⤵
        
        PID:16864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51908.exe
        7⤵
        
        PID:16604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        6⤵
        
        PID:13472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41485.exe
        6⤵
        
        PID:16840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43181.exe
        6⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        5⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8546.exe
        6⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
        7⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
        7⤵
        
        PID:15232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15232 -s 460
        8⤵
        Program crash
        
        PID:16800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
        7⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2189.exe
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
        6⤵
        
        PID:12816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        6⤵
        
        PID:15868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3568.exe
        5⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
        5⤵
        
        PID:9944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
        5⤵
        
        PID:14116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61706.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
        7⤵
        
        PID:16172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        7⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55177.exe
        6⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
        6⤵
        
        PID:14028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12294.exe
        6⤵
        
        PID:16868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36957.exe
        6⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe
        6⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
        5⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        5⤵
        
        PID:10820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        5⤵
        
        PID:14820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
        5⤵
        
        PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
      4⤵
      PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31463.exe
        5⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6922.exe
        6⤵
        
        PID:15708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15708 -s 464
        7⤵
        Program crash
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        6⤵
        
        PID:15272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
        6⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        5⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        5⤵
        
        PID:14504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe
        5⤵
        
        PID:16772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        5⤵
        
        PID:16808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19329.exe
      4⤵
      PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
      4⤵
      PID:10972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25997.exe
      4⤵
      PID:14848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
      4⤵
      PID:4116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50928.exe
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        6⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        6⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        6⤵
        
        PID:14472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44959.exe
        5⤵
        
        PID:8324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        5⤵
        
        PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2268.exe
        5⤵
        
        PID:15444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15444 -s 464
        6⤵
        Program crash
        
        PID:17080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
        5⤵
        
        PID:14524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        5⤵
        
        PID:16736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
        5⤵
        
        PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
        5⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60134.exe
        5⤵
        
        PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25266.exe
        5⤵
        
        PID:15992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9572.exe
      4⤵
      PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
      4⤵
      PID:10612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
      4⤵
      PID:14908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7046.exe
      4⤵
      PID:17352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
      4⤵
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        5⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
        5⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        5⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        5⤵
        
        PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
      4⤵
      PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
      4⤵
      PID:11968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
      4⤵
      PID:16100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2723.exe
      4⤵
      PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
      4⤵
      PID:15452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
    3⤵
    PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51644.exe
      4⤵
      PID:8400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
      4⤵
      PID:11976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-243.exe
      4⤵
      PID:15332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
      4⤵
      PID:15724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3794.exe
    3⤵
    PID:8240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57224.exe
    3⤵
    PID:12188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3945.exe
    3⤵
    PID:14948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62583.exe
    3⤵
    PID:15640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-441.exe
    3⤵
    PID:6800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10481.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10481.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8530.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24971.exe
        7⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        8⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14550.exe
        9⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45547.exe
        10⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        10⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
        9⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        9⤵
        
        PID:14740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14740 -s 472
        10⤵
        Program crash
        
        PID:16412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
        9⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        8⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        8⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59412.exe
        8⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65048.exe
        8⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20201.exe
        7⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28749.exe
        8⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37549.exe
        8⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        8⤵
        
        PID:15324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15324 -s 460
        9⤵
        Program crash
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        7⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53642.exe
        7⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7338.exe
        7⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        6⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42951.exe
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        8⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
        8⤵
        
        PID:13676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2684.exe
        8⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        7⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        7⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
        7⤵
        
        PID:16800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15446.exe
        7⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
        6⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18625.exe
        7⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
        7⤵
        
        PID:16100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
        6⤵
        
        PID:9828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        6⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16208.exe
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
        6⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19839.exe
        7⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        8⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
        8⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        8⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 444
        9⤵
        Program crash
        
        PID:17364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25769.exe
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        7⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9371.exe
        7⤵
        
        PID:16060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
        7⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        7⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
        6⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47027.exe
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        6⤵
        
        PID:16856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58503.exe
        5⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59195.exe
        7⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13558.exe
        7⤵
        
        PID:16944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45517.exe
        7⤵
        
        PID:15568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
        7⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
        6⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        6⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        6⤵
        
        PID:16244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
        5⤵
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        5⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10940.exe
        5⤵
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23146.exe
        5⤵
        
        PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59781.exe
        6⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        7⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
        8⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30341.exe
        8⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45333.exe
        8⤵
        
        PID:14860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14860 -s 464
        9⤵
        Program crash
        
        PID:17388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
        8⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
        7⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40185.exe
        7⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
        7⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        7⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        7⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        7⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
        7⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43772.exe
        6⤵
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
        6⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        6⤵
        
        PID:16264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16264 -s 464
        7⤵
        Program crash
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29703.exe
        6⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33693.exe
        5⤵
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42951.exe
        6⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
        7⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        7⤵
        
        PID:16300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37732.exe
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        7⤵
        
        PID:16428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35421.exe
        6⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22506.exe
        6⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
        6⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
        6⤵
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        5⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
        6⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        6⤵
        
        PID:10644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        6⤵
        
        PID:14800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
        6⤵
        
        PID:15880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45989.exe
        5⤵
        
        PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
        5⤵
        
        PID:12724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41283.exe
        5⤵
        
        PID:16308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12923.exe
        5⤵
        
        PID:16928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52499.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
        5⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64223.exe
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19979.exe
        7⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17897.exe
        7⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        7⤵
        
        PID:15136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15136 -s 452
        8⤵
        Program crash
        
        PID:17376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
        7⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        6⤵
        
        PID:13356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41485.exe
        6⤵
        
        PID:16824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13808.exe
        6⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12194.exe
        6⤵
        
        PID:8292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        6⤵
        
        PID:10796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
        6⤵
        
        PID:15412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15412 -s 452
        7⤵
        Program crash
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        6⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        5⤵
        
        PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
        5⤵
        
        PID:15496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        5⤵
        
        PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
      4⤵
      PID:516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60871.exe
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        6⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        6⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        6⤵
        
        PID:14488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
        6⤵
        
        PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
        5⤵
        
        PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
        5⤵
        
        PID:11652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
        5⤵
        
        PID:15508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15508 -s 464
        6⤵
        Program crash
        
        PID:224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25266.exe
        5⤵
        
        PID:16236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
      4⤵
      PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
        5⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
        5⤵
        
        PID:15248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30221.exe
      4⤵
      PID:8840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1480.exe
      4⤵
      PID:12376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
      4⤵
      PID:16996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
      4⤵
      PID:3908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7892.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17981.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32729.exe
        6⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18251.exe
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
        8⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        8⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
        8⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        7⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        7⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50154.exe
        7⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65074.exe
        6⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49147.exe
        6⤵
        
        PID:11224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24172.exe
        6⤵
        
        PID:14528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        6⤵
        
        PID:16940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
        6⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55111.exe
        7⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
        7⤵
        
        PID:12900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
        7⤵
        
        PID:16452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        7⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        6⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31188.exe
        6⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23988.exe
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        6⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        6⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3506.exe
        6⤵
        
        PID:16108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54846.exe
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4458.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36853.exe
        5⤵
        
        PID:16508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        5⤵
        
        PID:16056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61509.exe
        5⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61639.exe
        6⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        7⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        7⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        7⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
        6⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46153.exe
        6⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
        6⤵
        
        PID:16516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        6⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
        5⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48318.exe
        6⤵
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        6⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
        6⤵
        
        PID:17332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5531.exe
        5⤵
        
        PID:14176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2941.exe
        5⤵
        
        PID:16832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
        5⤵
        
        PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31442.exe
      4⤵
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57311.exe
        5⤵
        
        PID:7344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38701.exe
        5⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59915.exe
        5⤵
        
        PID:13672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13672 -s 464
        6⤵
        Program crash
        
        PID:17364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35339.exe
        5⤵
        
        PID:16884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
      4⤵
      PID:8960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
      4⤵
      PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1236.exe
      4⤵
      PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8589.exe
      4⤵
      PID:16220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        5⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        6⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
        6⤵
        
        PID:11464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63423.exe
        6⤵
        
        PID:14452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        5⤵
        
        PID:13776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
        5⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42088.exe
        5⤵
        
        PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
      4⤵
      PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55801.exe
        5⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10928.exe
        6⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        6⤵
        
        PID:15192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18055.exe
        6⤵
        
        PID:428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54104.exe
        5⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44591.exe
        5⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19423.exe
        5⤵
        
        PID:16980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
        5⤵
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
        5⤵
        
        PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
      4⤵
      PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43653.exe
        5⤵
        
        PID:17036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34512.exe
        5⤵
        
        PID:15012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
      4⤵
      PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
      4⤵
      PID:13544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
      4⤵
      PID:17096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
      4⤵
      PID:5096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56610.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        5⤵
        
        PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        5⤵
        
        PID:10988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        5⤵
        
        PID:15932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
      4⤵
      PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
      4⤵
      PID:13124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
      4⤵
      PID:13044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41512.exe
      4⤵
      PID:1084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
    3⤵
    PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52293.exe
      4⤵
      PID:6860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13071.exe
      4⤵
      PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
      4⤵
      PID:13504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
      4⤵
      PID:16876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54741.exe
      4⤵
      PID:16020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
    3⤵
    PID:6308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
    3⤵
    PID:11196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
    3⤵
    PID:14560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
    3⤵
    PID:16044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42703.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        6⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        7⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
        7⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        7⤵
        
        PID:15492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        6⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
        6⤵
        
        PID:16964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61932.exe
        6⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21991.exe
        5⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        6⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41977.exe
        7⤵
        
        PID:12944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42453.exe
        7⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25846.exe
        7⤵
        
        PID:17304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        6⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12494.exe
        6⤵
        
        PID:12620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4213.exe
        6⤵
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        5⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35755.exe
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16070.exe
        6⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2382.exe
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
        5⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43181.exe
        5⤵
        
        PID:17096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        6⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        6⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59557.exe
        6⤵
        
        PID:12380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48738.exe
        5⤵
        
        PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49147.exe
        5⤵
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5121.exe
        5⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        5⤵
        
        PID:16760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43703.exe
      4⤵
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
        5⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        5⤵
        
        PID:11236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64793.exe
        5⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2708.exe
        5⤵
        
        PID:16864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
      4⤵
      PID:6264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
      4⤵
      PID:11460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65019.exe
      4⤵
      PID:15892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42869.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        5⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26061.exe
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55111.exe
        7⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
        7⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        7⤵
        
        PID:16704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
        6⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9371.exe
        6⤵
        
        PID:16072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        5⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        6⤵
        
        PID:13456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34031.exe
        6⤵
        
        PID:17136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25398.exe
        6⤵
        
        PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14746.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        5⤵
        
        PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
        5⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29350.exe
        5⤵
        
        PID:14724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
      4⤵
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        5⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14550.exe
        6⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57892.exe
        6⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
        6⤵
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53413.exe
        6⤵
        
        PID:15332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
        5⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41774.exe
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        5⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
        5⤵
        
        PID:15736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
      4⤵
      PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
        5⤵
        
        PID:16616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53151.exe
        5⤵
        
        PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55422.exe
      4⤵
      PID:8936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
      4⤵
      PID:12976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45021.exe
      4⤵
      PID:16428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
      4⤵
      PID:17212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48991.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
      4⤵
      PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57747.exe
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42921.exe
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        6⤵
        
        PID:15344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40767.exe
        6⤵
        
        PID:16352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
        5⤵
        
        PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62333.exe
        5⤵
        
        PID:12520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61286.exe
        5⤵
        
        PID:15372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39033.exe
      4⤵
      PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40285.exe
        5⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1255.exe
        5⤵
        
        PID:15272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25846.exe
        5⤵
        
        PID:17208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23106.exe
      4⤵
      PID:8868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65422.exe
      4⤵
      PID:12824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
      4⤵
      PID:5856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64368.exe
    3⤵
    PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30145.exe
      4⤵
      PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55111.exe
        5⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
        5⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
        5⤵
        
        PID:16716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        5⤵
        
        PID:16424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61312.exe
      4⤵
      PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
      4⤵
      PID:11576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9371.exe
      4⤵
      PID:16152
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16152 -s 440
        5⤵
        Program crash
        
        PID:5000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16152 -s 476
        5⤵
        Program crash
        
        PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
      4⤵
      PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
    3⤵
    PID:6580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
    3⤵
    PID:10312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17858.exe
    3⤵
    PID:13752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
    3⤵
    PID:17196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
    3⤵
    PID:15224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55328.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55328.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14114.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59781.exe
        5⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
        6⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        7⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
        8⤵
        
        PID:16952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        7⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
        7⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        6⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
        6⤵
        
        PID:16276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16276 -s 436
        7⤵
        Program crash
        
        PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29967.exe
        5⤵
        
        PID:312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
        6⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exe
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19868.exe
        6⤵
        
        PID:13728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
        6⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13656.exe
        5⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31837.exe
        6⤵
        
        PID:14192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        6⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
        6⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        5⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60239.exe
        5⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2962.exe
        5⤵
        
        PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37777.exe
      4⤵
      PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39143.exe
        5⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
        6⤵
        
        PID:7180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41249.exe
        6⤵
        
        PID:14772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        6⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50351.exe
        6⤵
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
        5⤵
        
        PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40185.exe
        5⤵
        
        PID:11908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-243.exe
        5⤵
        
        PID:15316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        5⤵
        
        PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24042.exe
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59143.exe
        5⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56870.exe
        5⤵
        
        PID:15480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17479.exe
        5⤵
        
        PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41329.exe
      4⤵
      PID:8744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53011.exe
      4⤵
      PID:13856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20484.exe
      4⤵
      PID:16784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
      4⤵
      PID:17244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
      4⤵
      PID:15156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
      4⤵
      PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52489.exe
        6⤵
        
        PID:16600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
        5⤵
        
        PID:9596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54705.exe
        5⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46573.exe
        5⤵
        
        PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
      4⤵
      PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
      4⤵
      PID:10448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
      4⤵
      PID:16792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15143.exe
      4⤵
      PID:16832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
    3⤵
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        5⤵
        
        PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46153.exe
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        5⤵
        
        PID:16388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        5⤵
        
        PID:17272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
      4⤵
      PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26990.exe
      4⤵
      PID:14172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24131.exe
      4⤵
      PID:6480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
    3⤵
    PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31245.exe
      4⤵
      PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
      4⤵
      PID:8248
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 248
        5⤵
        Program crash
        
        PID:11216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
      4⤵
      PID:13412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9890.exe
      4⤵
      PID:17368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63347.exe
    3⤵
    PID:9188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32115.exe
    3⤵
    PID:700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
    3⤵
    PID:16212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11950.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
      4⤵
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55111.exe
        6⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
        6⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        6⤵
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        6⤵
        
        PID:16848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        5⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46153.exe
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        5⤵
        
        PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        5⤵
        
        PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27190.exe
      4⤵
      PID:9992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
      4⤵
      PID:14132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63818.exe
      4⤵
      PID:16896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46324.exe
      4⤵
      PID:5360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48852.exe
    3⤵
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
      4⤵
      PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35053.exe
        5⤵
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        5⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        5⤵
        
        PID:15860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15860 -s 456
        6⤵
        Program crash
        
        PID:17284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53403.exe
        5⤵
        
        PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30393.exe
      4⤵
      PID:8768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16640.exe
      4⤵
      PID:11308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
      4⤵
      PID:16220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44218.exe
      4⤵
      PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
    3⤵
    PID:6788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44898.exe
    3⤵
    PID:10884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
    3⤵
    PID:11596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40129.exe
    3⤵
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
      4⤵
      PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        5⤵
        
        PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1255.exe
        5⤵
        
        PID:15300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        5⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64542.exe
        5⤵
        
        PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55177.exe
      4⤵
      PID:10648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
      4⤵
      PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
      4⤵
      PID:17188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
      4⤵
      PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16039.exe
      4⤵
      PID:15324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
    3⤵
    PID:7264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
    3⤵
    PID:10812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
    3⤵
    PID:14984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
    3⤵
    PID:6908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2948.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2948.exe
  2⤵
  PID:2516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56377.exe
    3⤵
    PID:6976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
      4⤵
      PID:11620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
      4⤵
      PID:13612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
      4⤵
      PID:17368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
    3⤵
    PID:9912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10164.exe
    3⤵
    PID:13992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
    3⤵
    PID:17268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
    3⤵
    PID:16348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39850.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39850.exe
  2⤵
  PID:7116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22149.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22149.exe
  2⤵
  PID:10976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46079.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46079.exe
  2⤵
  PID:14332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
  2⤵
  PID:17252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
  2⤵
  PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 8264 -ip 8264
1⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 8248 -ip 8248
1⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 15136 -ip 15136
1⤵
PID:17328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 14860 -ip 14860
1⤵
PID:17340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 13532 -ip 13532
1⤵
PID:16672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 15316 -ip 15316
1⤵
PID:16712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 15292 -ip 15292
1⤵
PID:16752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 13512 -ip 13512
1⤵
PID:16916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 13612 -ip 13612
1⤵
PID:16776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 15284 -ip 15284
1⤵
PID:16936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 13672 -ip 13672
1⤵
PID:16816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 15412 -ip 15412
1⤵
PID:17288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 15300 -ip 15300
1⤵
PID:17348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 14740 -ip 14740
1⤵
PID:17332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 14752 -ip 14752
1⤵
PID:16768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 15444 -ip 15444
1⤵
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 15708 -ip 15708
1⤵
PID:1572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 15948 -ip 15948
1⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 15492 -ip 15492
1⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 16220 -ip 16220
1⤵
PID:4152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 16152 -ip 16152
1⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 15964 -ip 15964
1⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 15904 -ip 15904
1⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 16264 -ip 16264
1⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 15372 -ip 15372
1⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 16228 -ip 16228
1⤵
PID:17336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 15956 -ip 15956
1⤵
PID:1200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 15964 -ip 15964
1⤵
PID:3044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 16180 -ip 16180
1⤵
PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 16164 -ip 16164
1⤵
PID:14568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 4772 -ip 4772
1⤵
PID:17264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 16428 -ip 16428
1⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 16292 -ip 16292
1⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 16484 -ip 16484
1⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5024 -ip 5024
1⤵
PID:17308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2700 -ip 2700
1⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6588 -ip 6588
1⤵
PID:872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 16080 -ip 16080
1⤵
PID:17344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 16704 -ip 16704
1⤵
PID:3348

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:7544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10481.exe

Filesize
184KB

MD5
a9250eaf2de8c5207edace25f4f37726

SHA1
862238f4dd4fd0710e29544d1168b536787371b6

SHA256
05e86d4d986fe705d815f82f3bc140c23d43200551151cd42b22890826843d82

SHA512
3d8c0cd75758464ef7457dfd96caaaa41dafb8baa30ed49d20d0edfeaa15c31c2c2f9f7e00ac8fe2fe60bb6765cc1168dd68f66634121255499da6e32f0f22ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe

Filesize
184KB

MD5
776faa02dfc835e2a0cbb6d3b55ef3c2

SHA1
87eb676b64a4b4a76ca749431e3f0138615b2dfb

SHA256
06e9fa6d6dce63c8b61c88abb8fd81b621d984d7d061501f4a7b8008498679d7

SHA512
aa345406bbb318bd5daf6a4cacf4fec2b3525f96e04b50032595121f6a67e09ac546fab89b8916bb0f54e51a56ee39174b8cea03e9525c46b8d55417be7982ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe

Filesize
184KB

MD5
f7a7cb07ba6b76b40ad5084428f2d96d

SHA1
d0f0184ea66ffca250212bbeb58c126100d0a06f

SHA256
f1d582e6e62fbcfb2d33473660183fafe0baac895093dccb9ce26e724e8658a5

SHA512
f47313a1d1459e41aedd743611618eec63c718a74692c7fcdb347f80eafb6e7ec2af2726495da50717fc2339fdccf27be6ad53dfc8839b784ba2c1cf1ba53db1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe

Filesize
184KB

MD5
6616ac2282d930a1c210e0f9ba146ab4

SHA1
ae12222a512a372442425505735d1bbae74789ec

SHA256
7880f6ed46cd095adbe45e32961b7972750afac9b748906ac43737c0cff3cda1

SHA512
42532889e9bd3c2895b443d5f117c6c780fc1deec5212688599b9c419c8fd8826c33ad86ff2b52f7be5e6dc0151d82c8ddce78b9746014a65ef6adaf8c79597a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe

Filesize
184KB

MD5
264473c70778f31d7575bc438ea20ea5

SHA1
25dac1fb262906309edbe9fee18b4f91f987aa53

SHA256
fd8fd885a4d5dde95f53c6a9e32172015b1209d922ad705cd1594f71ec480ce2

SHA512
c5dee8f237b13c78e3ed7bfa8e45b3487ac8e824bac00a819071d8100fca2a17bad1b81209df9b1e2f525f54cfd917456dd82aaba981c82cf8d9e214a522c661

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14114.exe

Filesize
184KB

MD5
4c747576d0f210c1a4a09ad4a5a50e5c

SHA1
fe5750dadaf7791d328877c78a958d7d0ee7645c

SHA256
42a77f060936608459719ea603b5a71a749cfac0c1f3395a82752a1a7d6cec3a

SHA512
4e735a47b85d6bb7857b08264f5071fdb1eb15f616b2f7bf1fefee981bf751d3e988f3c3ec97b73cedfa09e6961caf3b59f44eb66361548cc2447deac2eff2c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe

Filesize
184KB

MD5
033796c251bf6e920fbc4b8ca1065d72

SHA1
af77e5aa951a93690a78917967a95a0bdf06330f

SHA256
8cacdade86d7f8ecc69d8ebde1e5076531b78108cb593b7751e511ac40e90e55

SHA512
77a64ff98ec3ee104755eb3697a8906ec8f9e26e74a8f569f2c6d3e5af494a14c2c6998d343939beb1af7196267ca65ae3aff348fd2dbf331aa1c39267630232

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14652.exe

Filesize
184KB

MD5
4d971bfa8e550d5323be7ebb63a53880

SHA1
3b049155d958211d31d17a5c2f5b7678a3d5adf8

SHA256
366d3f385f478938cd787e399e3c8739c799e02fae8f28f534c255c6a56ab94c

SHA512
802948cfb96fa5f2625684ac24810384f529445aa53370d4fba0beea59bfc8c6f2342a6410b2a7c2f633c26a51b7f24bd4860ead0be0a3830e782a4cfb240b61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe

Filesize
184KB

MD5
22e6c406888855ba3f9ca71364a276b5

SHA1
bf13013fe1527b02d89d2fe027cf9ba980d74421

SHA256
9baca45737dd3f234fcecf1cb5a723681f5cd195cd12d5c4ede521188b8c134f

SHA512
5709b365475dea44e70f2694324e17d8bfb666f2ed480f6dbbff1b147bdea037826a7f5ec3b25c761a81302cd259d3c6d7a626c6348c13cf3b625f8ea66b5451

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe

Filesize
184KB

MD5
0840f581d5432d542d98641809ddc0cb

SHA1
04771277166d0200c531a38fceae346785cabc1c

SHA256
db5f57b4afc445895e8be34d41459a2cc652c63cd6e9d9f0f251c42de619238d

SHA512
69b431a00fea04d1538df5000809414b663dfceca7c28f294d3c385dab668cef2babdc038af353af057cde07cbc310e4784c303c8a710dfb3eae04ff6883c7b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe

Filesize
184KB

MD5
2dcfee7bff354bcb8a733fd87ecd2933

SHA1
2bb279fd3ed8699ccb519c7f64e65f114e008c76

SHA256
57ed76a6f53f9acdd48dc01a3ed810bb467f9cae6d23eb6c0d983069a1726c9d

SHA512
660f12a0925e8b9cd99f0fc103234eac2fc782ad9be99a54a187a043bc744e02ed1013c582c254b5ed32403e7886f27cc91b5478b9f838b17efb42ca81e038ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20783.exe

Filesize
184KB

MD5
387d3bd353a0628500dbb177b4f7da33

SHA1
03d478d7cbe977d65702a911ac9d99a5de5a5398

SHA256
0cb5996231222db675f7adf9e93362eb23a5cd953f373da3691123dd149987ee

SHA512
f791a18ef4d22aea1bddf45124c68bdfd4ae16ed60aafcc9e98cc15ddf40fb44ff32027ca01b41f7da16fd1973343f75b4345c36629c7bb76ab77475c0e804b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe

Filesize
184KB

MD5
51c50d402809b6a1b06f18c82c4d508c

SHA1
db9eb859e999f701b2b7aee7b574e4f7e6df8e45

SHA256
d86285120112af45dca7da59ceb4cdb5bc6929b5128a7a383e6001fc263ee5f3

SHA512
1838860b9c4a21ac3dff968c1d96237120cde6f50d9fac80d8cdc002d065399e8bf1f6ddab782c53ed1c72e145be5437233b8972c7e418f56bbb283217e55cb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe

Filesize
184KB

MD5
b1f320634f3ee3f86c8585e73d52b8a8

SHA1
4a29276830b39e12081643ddfdee285b2a00267b

SHA256
1afdb95608ba260609ae7ee89bc7e7a62397971a4324922852863f3da644ad39

SHA512
8bf8ca68a534e088947ba6200e565380472b54fe69b84e06d10c734559460b080a243fcb5954a648d4318edc0fee453e273d9d3fd51036840541a7b5ac73350b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe

Filesize
184KB

MD5
f088a8354651e5b76ab43d13d883fbb7

SHA1
3ce08d565b403b7736ea5ab2510496da39bdb2c8

SHA256
3924e14dc6ae8115bd363c6bd4448c673853899b4980f2d9bade4be4f30d58b9

SHA512
51dee09f2037f51de2d0cc172c2d2ca6c06a1f82da3d275cbb8e8d4516c401977dcb830d4368b0ac7d987b83f9cee53eb4a0d936ec3f9800d0d95924e964f233

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30451.exe

Filesize
184KB

MD5
d5de01043e0f348d62c20c7ce6ab4d67

SHA1
adb43bfb26daa611dde3e43d4fd73c1c50fd1e51

SHA256
47ea91c926927345353908146f2676ad7c8cdf7e86f2264533a9cecac5d4cf50

SHA512
c5064fe7224ebfc009c86e021a2aba1f18396d608eec6727674e3b75ba72bfe2266c5b7bd5ffb25d6ef51786f18126597bfd451ba1ad2976ede2e9a0ef91d78b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe

Filesize
184KB

MD5
48e6ea7ed00b11963931420c3d4e8636

SHA1
d696b3b3db70252827e703292a9720f1871cce30

SHA256
da895877231fce97aa93ad6d1ee576a1b3b6a8d48ec6917fa2755deb429cda21

SHA512
02f42075020c72c3300d69f6d59930ddc74af6de97f5f0bfe4bc0a057aa40fb5381db74b4f0ce24767da7ba4e6dab43043b7eed6f6bd00a46a636a640887ae8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe

Filesize
184KB

MD5
12dffca40320f04a03c75069ceb003b6

SHA1
ef85ead850bab8d580ae3a505c1974af8c57e3bf

SHA256
8905af734b9979a93a6af34e115b59408b6b688bdd4cdb83d1bc0180959b84b9

SHA512
2840e9eb11d1a655e72a785d64ee8807c66e257f9f2bd04e64147a3ce2c3a10af15cfc16ca602f070e0a9141c235e6ded7c24c20952da895685cea2abcae9558

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42703.exe

Filesize
184KB

MD5
f93a3765a4341d9bcb9ce93b3c7d5870

SHA1
2960fc8179e8aae0534a4fdf882b8e52cfc7b251

SHA256
23cbc824c69d2b0dc606ce4f0ad2ce51e4eaf940ba83eac159aaa1e717eee796

SHA512
d2956b7ed8c1a45985ac0182ae62cd6d95278041855dff3a67624c8618882081ab0904b3a9324a5648c8348e9ed8bc843af44287852b8f61663bff2f1a3b1e27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe

Filesize
184KB

MD5
0e8da3923e89f18fa4cd70c5a6fdee64

SHA1
19f7905b51570cdd5dca558cfaf3154bf6c68c8b

SHA256
0ef97ec2701e701fb692885abf1185596124fc6f5dd9b528d178868a1074d6a6

SHA512
9328a8e9ef309de052462f1e85162c5e3a20ba029925a70e9f8f10b4a490ce52c37051117946231bd1332a064b86018b6cb45a70ef133325e11e56145111e764

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4690.exe

Filesize
184KB

MD5
ae6fa569acb4d178a9477852fbdc6943

SHA1
0b9221455b9778bc7366bc8ed5a92cd3fbc44cb6

SHA256
ba904f5752bab7c263c8d7644d3edd0f62af8a533320579df233e99db9743427

SHA512
785acd800bedcd8bfd646ebd42eb00559d02d594e5b22268e35f91363f0e81c796b78297bc1a5ee4010f069461a5663cf27b8bd31451cf41b09c3d7275e99003

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe

Filesize
184KB

MD5
033c9d0eebe3e3e18bcb727c5bb83d3b

SHA1
c0fa7a3b9d8a6c835175815ab40135f783928192

SHA256
1787810c658ac44bb5097aa166c57f23000509cc4ef16fe5ba30f424e2bde05c

SHA512
fb2f3d11c2886e279717fbd51f04d127aedee05428a2cb6290226a04ea61baf731d79b9432fd89a67f957583dacc26d9a4353818f4a81402f491d9bd47824a91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53009.exe

Filesize
184KB

MD5
f6212a61121fcb73efc18ac6a9177b0d

SHA1
dfd01296c42d045d0fe5b4dd4af599cedf6bd033

SHA256
9c9c4bfbec1ccf11f7c338c4267ebad8dea35732f793f93199979abda5d5a779

SHA512
d6e49c91e183160995f305a5221583c19a81ec3a0e73603fadd05c501b66e835b2f1cd468c95466be29c07298c07fa15223075a43fc95d3b412351a97eeb59fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55328.exe

Filesize
184KB

MD5
c0c24906acf7f96e1509b9b29c25a22b

SHA1
132091ff700157a00e50214b03907b1c27703d2f

SHA256
dff9f698d7f352ad1105b16342a1955fa4e90b4e96fb53743de39f56edfb9591

SHA512
20224949640fd05a472f78991652992d9060b136386c64bc7b7b0314fbcf352339c2a474781a976582f2236e2a7f5ce154b94d147a6fa5b544bdba8c96356d63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe

Filesize
184KB

MD5
0a6dac1ad5cd46f78ca8e123559a348e

SHA1
4ed1c4ef7f5b3b5f6e9eb57e6632dd10279367bd

SHA256
79c5e2f2bfe1e042c2b5d760ca7e641bfe0b50b4dc88393d63ae3b1de93d336b

SHA512
eb9bf4652db46aa6c4103ca8722e89a1df66fcc164c8fcf609989aa9eb067e3a5335cdbb97dae1796b4984ae5b37176805c4d4f5698954566bdbd5455dd8187d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60461.exe

Filesize
184KB

MD5
77e38006d1f7442ef9b4540fc5eb3eb1

SHA1
a44ad1583d2f31f07b3d7ec0c1ecffbb690bf886

SHA256
3e99b608e056a75ed1e7ced35ab41cedae3bf29d4cba3e981c1b7b36493c6dd6

SHA512
c217c01548dc624ae7ef159ea544dd7f32d51ca87b5b076cb817e8bd2d227c244f5604727cfe4030c34c587cf50e9705f8c30407d2b28423199f6e14dd36c364

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe

Filesize
184KB

MD5
f07f1da3a5f1acda734fd9fc8efe9953

SHA1
c84b2c87fcd8c638d9cf864f8c34ae89df352f2e

SHA256
e5f96888fdb1e3535fd44330035749214a614ab3127ab872373b4699327ae117

SHA512
a018ac88818ceb244f52b1a8b9cc1dee9dfd7199a4165d64266f8e457c115d5264de15d591c79ac3a773f082e25efad9855841336dfa6b41588f6c1a1c2fc153

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe

Filesize
184KB

MD5
a2ca92863b58f453ea00ab1f26b9154a

SHA1
0b2dc535c691a57b8910e2f78a028bbadef36cef

SHA256
de8392570be178c10d2853c84ed80cd1ffb5c12100be792091223021764a3ea1

SHA512
98610f53e7253216dccf7b40edea70771b04da135f09e50464be3d7a6331a4fe493aeae4724b021b6168f4d6247d59b76f3c0a6403d9761444d13d93adf6b944

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7892.exe

Filesize
184KB

MD5
5c2c1aaac834700b58cf01d0d3cccd5a

SHA1
871ae0d55c9f3ececc2d1a88e65de97e1c64cd1f

SHA256
2e316dae485510501bbda22fcd52db5b57594e94a8aeeb57e6251348861860b5

SHA512
cc879810e027b4cb5c075acb5ad77a3413630b08c05aa3d9f9d49d99e8b2e3b9be73a19f90200bbb451dbca4a5c6a204688a112816770799f8cb7001fa806f33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8530.exe

Filesize
184KB

MD5
d87b32ba17e87922d2cdb4af12676f95

SHA1
3d8c1993a82e287758446ae63d233ad4caef266d

SHA256
9ebd39a51f57223e286f967e68f351eaaf754a5aef8530f4a1cdbe106aa8fe94

SHA512
6591b636dba635604aac2cd3c6e65e2bd0532519286e49a69d829ca073c4087e18b1cbc623c53b01264828b979a943b8c3bc8d5931a3511c7a9859cb6642cb5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-917.exe

Filesize
184KB

MD5
4767b5f0fe673bdf1df7844ba1daad7c

SHA1
05eeb1ceb8d0ab3f1bf213ef23af2974ef2b1708

SHA256
b6acb86119965272c8fc3098bc6113e4da81813bafd9cf9dfa51e5073fa704eb

SHA512
33d461676bd5e08425536e6dd8b14e5482bf8933540aee2abab5b483948318148e1fea61944c2923e53094bbf5869c448092443695cd18406eef5b1a09f335fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe

Filesize
184KB

MD5
571013f99f98bb296e0787c4020d996f

SHA1
d0356ebc267590af84649a67ae68f822bf379460

SHA256
11ddb16db60614e2972ba2f6ccb75ee4ae546e7baaa9d38e4c773c12da5366e7

SHA512
c56ee45e52a07b65a30375cb533a7e92b233996d503d62bcb5309bcc65c37b31f192853f01a0f14189f9ab64a8a5add7fa9d7aeb278d117ef635add0fdb74796

Download Submit
memory/8-80-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/228-448-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/396-95-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/432-19-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/440-348-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/516-502-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/556-291-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/724-254-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/760-124-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/832-176-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/856-487-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/860-193-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/864-410-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/876-194-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/968-400-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1040-503-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1276-82-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1304-258-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1428-31-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1448-224-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1604-496-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1660-144-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1668-7-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1744-42-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1832-409-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1860-324-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1908-110-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2000-412-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2032-267-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2060-339-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2068-228-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2124-341-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2180-436-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2184-513-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2200-83-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2272-285-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2284-173-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2324-3580-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2328-482-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2364-192-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2388-94-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2408-491-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2452-514-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2468-251-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2516-499-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2544-53-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2732-411-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3064-178-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3084-327-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3100-175-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3136-399-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3144-237-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3184-408-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3248-273-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3268-342-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3396-177-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3448-347-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3472-490-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3492-329-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3516-489-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3536-323-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3568-451-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3692-423-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3836-296-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4000-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4036-497-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4076-131-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4132-406-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4236-407-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4260-81-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4324-450-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4408-495-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4440-61-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4532-13-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4552-484-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4620-281-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4640-321-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4656-117-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4660-3752-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4756-242-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4760-422-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4812-325-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4924-340-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4932-154-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4944-191-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4960-41-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4964-483-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5004-334-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5028-255-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5320-584-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5344-585-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5364-586-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5380-587-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5404-588-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5456-589-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5464-590-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5500-598-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5520-600-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/15232-3199-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/15284-3678-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/15412-3239-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/15492-3754-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/15964-3730-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16164-3734-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16228-3943-0x00007FF965490000-0x00007FF965685000-memory.dmp

Filesize
2.0MB

Download
memory/16228-3887-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16832-3288-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/17196-3334-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/17376-3198-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads