ba9aadfb25629038eb8bebf198b5480d29ff45f9bf9cfa9e7240ecb4dc4cc897

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 09:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe
Size

184KB
MD5

18ed446e23f7c897cf3a11b357713df0
SHA1

605a3fa80a59f2c5985eb006bfa23ab847027199
SHA256

ba9aadfb25629038eb8bebf198b5480d29ff45f9bf9cfa9e7240ecb4dc4cc897
SHA512

08812c18a478f0d867eb5563916d78a927eaa8c152962e9746fe4476d99043e9b732046d8e85711ea5a5606a016b8953ef3fabbf7de36e11c7e5802b03573801
SSDEEP

3072:fyLhwWoX/jFsdV9tWiv8bxdllvDqnviu:fyjox4V9D81dllLqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4752	Unicorn-5162.exe
4496	Unicorn-18614.exe
2296	Unicorn-16153.exe
4584	Unicorn-8473.exe
448	Unicorn-10097.exe
2040	Unicorn-38131.exe
5036	Unicorn-26847.exe
3960	Unicorn-54031.exe
1348	Unicorn-46418.exe
1200	Unicorn-21167.exe
2592	Unicorn-33419.exe
1284	Unicorn-13553.exe
2428	Unicorn-35457.exe
1828	Unicorn-53839.exe
4524	Unicorn-48421.exe
2540	Unicorn-2060.exe
3144	Unicorn-1561.exe
2944	Unicorn-63569.exe
5076	Unicorn-43471.exe
2456	Unicorn-59297.exe
5028	Unicorn-27410.exe
3980	Unicorn-19796.exe
1152	Unicorn-51914.exe
3516	Unicorn-3782.exe
3644	Unicorn-60082.exe
1800	Unicorn-52469.exe
2100	Unicorn-60637.exe
1140	Unicorn-11950.exe
1088	Unicorn-23938.exe
4880	Unicorn-8835.exe
3556	Unicorn-40814.exe
3076	Unicorn-32753.exe
3456	Unicorn-37882.exe
2380	Unicorn-59926.exe
5052	Unicorn-5894.exe
1472	Unicorn-40605.exe
4512	Unicorn-46543.exe
4304	Unicorn-31228.exe
4524	Unicorn-54986.exe
2904	Unicorn-21856.exe
2444	Unicorn-47695.exe
4452	Unicorn-40081.exe
2184	Unicorn-9677.exe
2544	Unicorn-34986.exe
3680	Unicorn-23967.exe
3672	Unicorn-59755.exe
3684	Unicorn-60310.exe
3488	Unicorn-9485.exe
2940	Unicorn-10040.exe
2612	Unicorn-29906.exe
4696	Unicorn-47311.exe
3400	Unicorn-41181.exe
1156	Unicorn-39697.exe
4060	Unicorn-59563.exe
3256	Unicorn-38381.exe
1704	Unicorn-50849.exe
2548	Unicorn-37113.exe
1236	Unicorn-48043.exe
116	Unicorn-48043.exe
1084	Unicorn-53431.exe
1544	Unicorn-41965.exe
1516	Unicorn-64654.exe
4876	Unicorn-8909.exe
4940	Unicorn-39958.exe

Program crash 32 IoCs

pid	pid_target	Process	procid_target
17036	16988	WerFault.exe	847
17432	16988	WerFault.exe	847
4824	17176	WerFault.exe	844
5444	17496	WerFault.exe	884
5640	4916	WerFault.exe	866
1644	17276	WerFault.exe	853
1164	17472	WerFault.exe	881
1924	17616	WerFault.exe	886
17504	17212	WerFault.exe	848
17512	17276	WerFault.exe	853
5080	17424	WerFault.exe	876
17192	17832	WerFault.exe	890
2232	17516	WerFault.exe	885
944	17716	WerFault.exe	888
3700	17040	WerFault.exe	901
6232	18020	WerFault.exe	895
5896	7164	WerFault.exe	289
6140	1848	WerFault.exe	872
6504	4676	WerFault.exe	966
1644	17136	WerFault.exe	968
2876	7028	WerFault.exe	1012
780	6664	WerFault.exe	1033
2588	2600	WerFault.exe	1034
18352	8268	Process not Found	353
14924	10272	Process not Found	1194
2688	11136	Process not Found	1348
13692	7652	Process not Found	1243
15844	17120	Process not Found	1302
6384	9044	Process not Found	1252
6036	14720	Process not Found	1336
16452	12344	Process not Found	1282
11156	3176	Process not Found	273

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	11120	Process not Found
Token: SeChangeNotifyPrivilege	11120	Process not Found
Token: 33	11120	Process not Found
Token: SeIncBasePriorityPrivilege	11120	Process not Found
Token: SeCreateGlobalPrivilege	17040	Process not Found
Token: SeChangeNotifyPrivilege	17040	Process not Found
Token: 33	17040	Process not Found
Token: SeIncBasePriorityPrivilege	17040	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
932	18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe
4752	Unicorn-5162.exe
4496	Unicorn-18614.exe
2296	Unicorn-16153.exe
4584	Unicorn-8473.exe
2040	Unicorn-38131.exe
448	Unicorn-10097.exe
5036	Unicorn-26847.exe
3960	Unicorn-54031.exe
1348	Unicorn-46418.exe
1200	Unicorn-21167.exe
2428	Unicorn-35457.exe
1284	Unicorn-13553.exe
2592	Unicorn-33419.exe
1828	Unicorn-53839.exe
2540	Unicorn-2060.exe
3144	Unicorn-1561.exe
2944	Unicorn-63569.exe
5076	Unicorn-43471.exe
2456	Unicorn-59297.exe
5028	Unicorn-27410.exe
4880	Unicorn-8835.exe
1088	Unicorn-23938.exe
1800	Unicorn-52469.exe
1140	Unicorn-11950.exe
2100	Unicorn-60637.exe
3980	Unicorn-19796.exe
3516	Unicorn-3782.exe
3644	Unicorn-60082.exe
1152	Unicorn-51914.exe
3556	Unicorn-40814.exe
3076	Unicorn-32753.exe
3456	Unicorn-37882.exe
2380	Unicorn-59926.exe
5052	Unicorn-5894.exe
1472	Unicorn-40605.exe
4512	Unicorn-46543.exe
4304	Unicorn-31228.exe
4524	Unicorn-54986.exe
2904	Unicorn-21856.exe
2444	Unicorn-47695.exe
4452	Unicorn-40081.exe
2184	Unicorn-9677.exe
2544	Unicorn-34986.exe
3680	Unicorn-23967.exe
3672	Unicorn-59755.exe
3684	Unicorn-60310.exe
3488	Unicorn-9485.exe
2612	Unicorn-29906.exe
3400	Unicorn-41181.exe
4696	Unicorn-47311.exe
2940	Unicorn-10040.exe
4060	Unicorn-59563.exe
1156	Unicorn-39697.exe
3256	Unicorn-38381.exe
2548	Unicorn-37113.exe
1704	Unicorn-50849.exe
1236	Unicorn-48043.exe
116	Unicorn-48043.exe
1084	Unicorn-53431.exe
1544	Unicorn-41965.exe
1516	Unicorn-64654.exe
4940	Unicorn-39958.exe
4876	Unicorn-8909.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 932 wrote to memory of 4752	932	18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe	92
PID 932 wrote to memory of 4752	932	18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe	92
PID 932 wrote to memory of 4752	932	18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe	92
PID 4752 wrote to memory of 4496	4752	Unicorn-5162.exe	95
PID 4752 wrote to memory of 4496	4752	Unicorn-5162.exe	95
PID 4752 wrote to memory of 4496	4752	Unicorn-5162.exe	95
PID 932 wrote to memory of 2296	932	18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe	96
PID 932 wrote to memory of 2296	932	18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe	96
PID 932 wrote to memory of 2296	932	18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe	96
PID 4496 wrote to memory of 4584	4496	Unicorn-18614.exe	100
PID 4496 wrote to memory of 4584	4496	Unicorn-18614.exe	100
PID 4496 wrote to memory of 4584	4496	Unicorn-18614.exe	100
PID 4752 wrote to memory of 448	4752	Unicorn-5162.exe	101
PID 4752 wrote to memory of 448	4752	Unicorn-5162.exe	101
PID 4752 wrote to memory of 448	4752	Unicorn-5162.exe	101
PID 2296 wrote to memory of 2040	2296	Unicorn-16153.exe	102
PID 2296 wrote to memory of 2040	2296	Unicorn-16153.exe	102
PID 2296 wrote to memory of 2040	2296	Unicorn-16153.exe	102
PID 932 wrote to memory of 5036	932	18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe	103
PID 932 wrote to memory of 5036	932	18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe	103
PID 932 wrote to memory of 5036	932	18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe	103
PID 4584 wrote to memory of 3960	4584	Unicorn-8473.exe	104
PID 4584 wrote to memory of 3960	4584	Unicorn-8473.exe	104
PID 4584 wrote to memory of 3960	4584	Unicorn-8473.exe	104
PID 4496 wrote to memory of 1348	4496	Unicorn-18614.exe	105
PID 4496 wrote to memory of 1348	4496	Unicorn-18614.exe	105
PID 4496 wrote to memory of 1348	4496	Unicorn-18614.exe	105
PID 2040 wrote to memory of 1200	2040	Unicorn-38131.exe	106
PID 2040 wrote to memory of 1200	2040	Unicorn-38131.exe	106
PID 2040 wrote to memory of 1200	2040	Unicorn-38131.exe	106
PID 448 wrote to memory of 2592	448	Unicorn-10097.exe	108
PID 448 wrote to memory of 2592	448	Unicorn-10097.exe	108
PID 448 wrote to memory of 2592	448	Unicorn-10097.exe	108
PID 2296 wrote to memory of 1284	2296	Unicorn-16153.exe	107
PID 2296 wrote to memory of 1284	2296	Unicorn-16153.exe	107
PID 2296 wrote to memory of 1284	2296	Unicorn-16153.exe	107
PID 4752 wrote to memory of 2428	4752	Unicorn-5162.exe	109
PID 4752 wrote to memory of 2428	4752	Unicorn-5162.exe	109
PID 4752 wrote to memory of 2428	4752	Unicorn-5162.exe	109
PID 5036 wrote to memory of 1828	5036	Unicorn-26847.exe	110
PID 5036 wrote to memory of 1828	5036	Unicorn-26847.exe	110
PID 5036 wrote to memory of 1828	5036	Unicorn-26847.exe	110
PID 932 wrote to memory of 4524	932	18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe	111
PID 932 wrote to memory of 4524	932	18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe	111
PID 932 wrote to memory of 4524	932	18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe	111
PID 932 wrote to memory of 2540	932	18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe	112
PID 932 wrote to memory of 2540	932	18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe	112
PID 932 wrote to memory of 2540	932	18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe	112
PID 3960 wrote to memory of 3144	3960	Unicorn-54031.exe	113
PID 3960 wrote to memory of 3144	3960	Unicorn-54031.exe	113
PID 3960 wrote to memory of 3144	3960	Unicorn-54031.exe	113
PID 4584 wrote to memory of 2944	4584	Unicorn-8473.exe	114
PID 4584 wrote to memory of 2944	4584	Unicorn-8473.exe	114
PID 4584 wrote to memory of 2944	4584	Unicorn-8473.exe	114
PID 1348 wrote to memory of 5076	1348	Unicorn-46418.exe	115
PID 1348 wrote to memory of 5076	1348	Unicorn-46418.exe	115
PID 1348 wrote to memory of 5076	1348	Unicorn-46418.exe	115
PID 4496 wrote to memory of 2456	4496	Unicorn-18614.exe	116
PID 4496 wrote to memory of 2456	4496	Unicorn-18614.exe	116
PID 4496 wrote to memory of 2456	4496	Unicorn-18614.exe	116
PID 1200 wrote to memory of 5028	1200	Unicorn-21167.exe	117
PID 1200 wrote to memory of 5028	1200	Unicorn-21167.exe	117
PID 1200 wrote to memory of 5028	1200	Unicorn-21167.exe	117
PID 2040 wrote to memory of 3980	2040	Unicorn-38131.exe	118

C:\Users\Admin\AppData\Local\Temp\18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\18ed446e23f7c897cf3a11b357713df0_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5162.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5162.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8473.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64654.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13948.exe
        9⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57846.exe
        10⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-708.exe
        10⤵
        
        PID:15028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
        10⤵
        
        PID:17832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17832 -s 484
        11⤵
        Program crash
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51576.exe
        9⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        9⤵
        
        PID:12972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
        9⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        9⤵
        
        PID:16464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
        8⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62070.exe
        9⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54050.exe
        9⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        9⤵
        
        PID:14848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        9⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49288.exe
        9⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
        8⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
        8⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
        8⤵
        
        PID:15920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        8⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19502.exe
        9⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20417.exe
        9⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
        9⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40885.exe
        9⤵
        
        PID:17040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17040 -s 464
        10⤵
        Program crash
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24404.exe
        9⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39765.exe
        8⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        8⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        8⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
        8⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
        7⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12786.exe
        8⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
        8⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        8⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        8⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54789.exe
        7⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
        7⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        7⤵
        
        PID:15928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
        7⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 424
        8⤵
        Program crash
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59926.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39958.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43798.exe
        8⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
        9⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        10⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2044.exe
        9⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41584.exe
        9⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13204.exe
        9⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15552.exe
        9⤵
        
        PID:18352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59686.exe
        9⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        8⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        9⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        9⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8896.exe
        9⤵
        
        PID:17424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17424 -s 436
        10⤵
        Program crash
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        9⤵
        
        PID:18068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62693.exe
        9⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
        8⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27605.exe
        8⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13283.exe
        8⤵
        
        PID:16656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14265.exe
        8⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2869.exe
        8⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
        8⤵
        
        PID:15248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
        8⤵
        
        PID:18072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51644.exe
        8⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 436
        9⤵
        Program crash
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        7⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        7⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
        7⤵
        
        PID:16376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42062.exe
        7⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
        6⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        7⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25210.exe
        8⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
        8⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46156.exe
        8⤵
        
        PID:14488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
        8⤵
        
        PID:17616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17616 -s 464
        9⤵
        Program crash
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
        7⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        7⤵
        
        PID:15400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9537.exe
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
        7⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
        7⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
        7⤵
        
        PID:15192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3085.exe
        7⤵
        
        PID:18000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
        6⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39788.exe
        6⤵
        
        PID:11408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        6⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        6⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
        6⤵
        
        PID:17784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19346.exe
        7⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        8⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        9⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        9⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        9⤵
        
        PID:17464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
        8⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26837.exe
        8⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12515.exe
        8⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
        7⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        8⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        8⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        8⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        8⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43688.exe
        7⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
        7⤵
        
        PID:11696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54212.exe
        7⤵
        
        PID:14860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
        7⤵
        
        PID:368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
        6⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19694.exe
        8⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
        8⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22227.exe
        8⤵
        
        PID:15144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        8⤵
        
        PID:18032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2132.exe
        7⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47557.exe
        7⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        7⤵
        
        PID:15436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5571.exe
        6⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
        7⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54050.exe
        7⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
        7⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
        7⤵
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42860.exe
        6⤵
        
        PID:13092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30835.exe
        6⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4153.exe
        6⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60186.exe
        6⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43798.exe
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15536.exe
        8⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16420.exe
        8⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        8⤵
        
        PID:15420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55292.exe
        8⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42003.exe
        8⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
        7⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38704.exe
        7⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        7⤵
        
        PID:17572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16532.exe
        6⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8785.exe
        7⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        7⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        7⤵
        
        PID:14632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17431.exe
        7⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12472.exe
        6⤵
        
        PID:11984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        6⤵
        
        PID:15980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
        6⤵
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
        5⤵
        
        PID:660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4981.exe
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
        8⤵
        
        PID:17124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
        7⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        7⤵
        
        PID:13344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
        7⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31348.exe
        6⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9012.exe
        6⤵
        
        PID:11064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20308.exe
        6⤵
        
        PID:15052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30491.exe
        6⤵
        
        PID:17864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28054.exe
        6⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
        6⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6044.exe
        6⤵
        
        PID:17852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4892.exe
        5⤵
        
        PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11846.exe
        5⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13715.exe
        5⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37950.exe
        5⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
        5⤵
        
        PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8245.exe
        7⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
        8⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
        9⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
        9⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46156.exe
        9⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
        9⤵
        
        PID:17416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
        8⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7751.exe
        8⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        8⤵
        
        PID:15200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38468.exe
        8⤵
        
        PID:18020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18020 -s 464
        9⤵
        Program crash
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
        8⤵
        
        PID:17576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50473.exe
        8⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13564.exe
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47083.exe
        8⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60949.exe
        8⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        8⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2701.exe
        8⤵
        
        PID:16552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
        7⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        7⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39368.exe
        7⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
        6⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15978.exe
        7⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
        8⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
        8⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
        8⤵
        
        PID:15804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32190.exe
        8⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4981.exe
        7⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
        7⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28093.exe
        7⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38468.exe
        7⤵
        
        PID:18040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3672.exe
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
        7⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
        7⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        7⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        7⤵
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        6⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        6⤵
        
        PID:16004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50155.exe
        6⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
        8⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        8⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58704.exe
        8⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        7⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        7⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        7⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29603.exe
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        7⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9369.exe
        7⤵
        
        PID:13820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65388.exe
        7⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21644.exe
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        6⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        6⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        5⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57010.exe
        6⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
        7⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-565.exe
        7⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2701.exe
        7⤵
        
        PID:16588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        7⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32500.exe
        6⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
        6⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28861.exe
        6⤵
        
        PID:14560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        6⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        6⤵
        
        PID:18008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33165.exe
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4740.exe
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
        6⤵
        
        PID:18008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18016.exe
        6⤵
        
        PID:17136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17136 -s 452
        7⤵
        Program crash
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42040.exe
        5⤵
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29181.exe
        5⤵
        
        PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36782.exe
        5⤵
        
        PID:15760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        6⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24913.exe
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34634.exe
        8⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
        8⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        8⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22738.exe
        8⤵
        
        PID:17536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18519.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        7⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        7⤵
        
        PID:15832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48652.exe
        7⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
        7⤵
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        7⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51576.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        6⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
        6⤵
        
        PID:16168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20860.exe
        5⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        6⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14218.exe
        7⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
        7⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
        7⤵
        
        PID:13768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
        7⤵
        
        PID:17212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17212 -s 436
        8⤵
        Program crash
        
        PID:17504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64989.exe
        6⤵
        
        PID:11332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        6⤵
        
        PID:14856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47912.exe
        5⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
        6⤵
        
        PID:11636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        6⤵
        
        PID:15212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        6⤵
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        6⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        5⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48405.exe
        5⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41480.exe
        5⤵
        
        PID:15960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21856.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
        7⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
        7⤵
        
        PID:11724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        7⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        7⤵
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        6⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        6⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        6⤵
        
        PID:15772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20873.exe
        6⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
        5⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        6⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
        6⤵
        
        PID:11224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        6⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
        6⤵
        
        PID:17840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51644.exe
        6⤵
        
        PID:17496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19676.exe
        5⤵
        
        PID:8720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64989.exe
        5⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        5⤵
        
        PID:15136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19938.exe
        5⤵
        
        PID:17108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
      4⤵
      PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        5⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13414.exe
        6⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
        6⤵
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17431.exe
        6⤵
        
        PID:17992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        5⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15949.exe
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36931.exe
        5⤵
        
        PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
      4⤵
      PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
      4⤵
      PID:10308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29755.exe
      4⤵
      PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29153.exe
      4⤵
      PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31760.exe
      4⤵
      PID:5364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10097.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51914.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59563.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        8⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
        9⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59089.exe
        9⤵
        
        PID:14016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
        9⤵
        
        PID:16468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
        8⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        8⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        8⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        7⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
        8⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37765.exe
        8⤵
        
        PID:14412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32523.exe
        8⤵
        
        PID:17716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17716 -s 464
        9⤵
        Program crash
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60128.exe
        7⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        7⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
        7⤵
        
        PID:16580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22200.exe
        7⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        7⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        7⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
        8⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34013.exe
        8⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        8⤵
        
        PID:14588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
        8⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        7⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
        7⤵
        
        PID:15936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19441.exe
        7⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54684.exe
        6⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        6⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62285.exe
        6⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37113.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43030.exe
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
        8⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        7⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        7⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
        7⤵
        
        PID:16976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        6⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        7⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41052.exe
        6⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        6⤵
        
        PID:13136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
        6⤵
        
        PID:16572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22200.exe
        6⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        5⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        6⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        7⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
        6⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39337.exe
        6⤵
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13780.exe
        6⤵
        
        PID:16644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        5⤵
        
        PID:10596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4306.exe
        5⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        5⤵
        
        PID:17016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
        5⤵
        
        PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        5⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42802.exe
        7⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        7⤵
        
        PID:15876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
        6⤵
        
        PID:14236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20396.exe
        6⤵
        
        PID:17128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
        6⤵
        
        PID:12592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        6⤵
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55292.exe
        6⤵
        
        PID:792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42860.exe
        5⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30835.exe
        5⤵
        
        PID:16084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60594.exe
        5⤵
        
        PID:6836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12713.exe
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        6⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28031.exe
        7⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        7⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35019.exe
        7⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
        7⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30571.exe
        7⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
        6⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        6⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47876.exe
        6⤵
        
        PID:17248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
        6⤵
        
        PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41140.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        6⤵
        
        PID:12160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
        6⤵
        
        PID:15560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        6⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60128.exe
        5⤵
        
        PID:9744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        5⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
        5⤵
        
        PID:16600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
      4⤵
      PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
        5⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        6⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9369.exe
        6⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20463.exe
        6⤵
        
        PID:17328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63222.exe
        5⤵
        
        PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
        5⤵
        
        PID:12920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
        5⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
        5⤵
        
        PID:18012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        5⤵
        
        PID:6896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52076.exe
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        5⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        5⤵
        
        PID:13812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20463.exe
        5⤵
        
        PID:17188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32612.exe
        5⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
        5⤵
        
        PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54867.exe
        5⤵
        
        PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50030.exe
      4⤵
      PID:9708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37067.exe
      4⤵
      PID:13000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49651.exe
      4⤵
      PID:16592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63142.exe
      4⤵
      PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
      4⤵
      PID:18324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3782.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29906.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
        6⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
        7⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3205.exe
        8⤵
        
        PID:17244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
        8⤵
        
        PID:18248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6516.exe
        7⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        7⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        7⤵
        
        PID:17320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
        7⤵
        
        PID:17328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49117.exe
        6⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
        7⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        7⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        7⤵
        
        PID:16680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
        6⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27605.exe
        6⤵
        
        PID:13528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6459.exe
        6⤵
        
        PID:16948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44654.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        6⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        7⤵
        
        PID:15756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        7⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
        6⤵
        
        PID:9644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14832.exe
        6⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        6⤵
        
        PID:16444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31715.exe
        5⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65282.exe
        5⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50756.exe
        5⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
        5⤵
        
        PID:17276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17276 -s 436
        6⤵
        Program crash
        
        PID:1644
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17276 -s 436
        6⤵
        Program crash
        
        PID:17512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16737.exe
        5⤵
        
        PID:17704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7534.exe
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
        6⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
        7⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
        7⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        7⤵
        
        PID:17640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6516.exe
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
        6⤵
        
        PID:14296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        6⤵
        
        PID:17928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        5⤵
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        5⤵
        
        PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        5⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        5⤵
        
        PID:17268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35108.exe
        5⤵
        
        PID:18328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
      4⤵
      PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        5⤵
        
        PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        5⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
        5⤵
        
        PID:13724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
        5⤵
        
        PID:17228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49553.exe
      4⤵
      PID:8560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
      4⤵
      PID:11760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61797.exe
      4⤵
      PID:15048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8437.exe
      4⤵
      PID:17804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        6⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        7⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58409.exe
        7⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
        7⤵
        
        PID:15824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        7⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15536.exe
        6⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7183.exe
        6⤵
        
        PID:12624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8544.exe
        6⤵
        
        PID:15140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        6⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
        5⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
        5⤵
        
        PID:10008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        5⤵
        
        PID:12576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
        5⤵
        
        PID:16440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
      4⤵
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35542.exe
        5⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40588.exe
        6⤵
        
        PID:14604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        6⤵
        
        PID:17456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4009.exe
        6⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34716.exe
        5⤵
        
        PID:9456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62004.exe
        5⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        5⤵
        
        PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59837.exe
      4⤵
      PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
        5⤵
        
        PID:11508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64045.exe
        5⤵
        
        PID:15356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
      4⤵
      PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49412.exe
      4⤵
      PID:14072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
      4⤵
      PID:17372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22790.exe
      4⤵
      PID:1848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38381.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51115.exe
      4⤵
      PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24638.exe
        6⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59842.exe
        6⤵
        
        PID:17348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13131.exe
        6⤵
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
        5⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        5⤵
        
        PID:12616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        5⤵
        
        PID:16264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36164.exe
        5⤵
        
        PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49117.exe
      4⤵
      PID:7216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
      4⤵
      PID:10024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
      4⤵
      PID:14228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
      4⤵
      PID:3856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21648.exe
    3⤵
    PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
      4⤵
      PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
      4⤵
      PID:11244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
      4⤵
      PID:13716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
      4⤵
      PID:17168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65188.exe
      4⤵
      PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16144.exe
      4⤵
      PID:8052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
    3⤵
    PID:8496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43984.exe
    3⤵
    PID:11740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
    3⤵
    PID:15104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
    3⤵
    PID:17764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38131.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47695.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5806.exe
        7⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10378.exe
        8⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe
        9⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54149.exe
        9⤵
        
        PID:16884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
        9⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        8⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        8⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33724.exe
        8⤵
        
        PID:17404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37056.exe
        7⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 464
        8⤵
        Program crash
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        7⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
        7⤵
        
        PID:16556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
        7⤵
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
        7⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13030.exe
        8⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        8⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        8⤵
        
        PID:17516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17516 -s 464
        9⤵
        Program crash
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58069.exe
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9871.exe
        7⤵
        
        PID:12804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        7⤵
        
        PID:16388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49678.exe
        7⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exe
        6⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        6⤵
        
        PID:9692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        6⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
        6⤵
        
        PID:16424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
        6⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24913.exe
        7⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        8⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        8⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8896.exe
        8⤵
        
        PID:17440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
        8⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
        7⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52602.exe
        7⤵
        
        PID:13264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62977.exe
        7⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25432.exe
        6⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14265.exe
        7⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60814.exe
        7⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        7⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
        7⤵
        
        PID:17824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-600.exe
        6⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        6⤵
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        6⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
        6⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        7⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        7⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        7⤵
        
        PID:17480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        6⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
        6⤵
        
        PID:12888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        6⤵
        
        PID:15988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        6⤵
        
        PID:17932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
        6⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
        6⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26341.exe
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        6⤵
        
        PID:13892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50676.exe
        6⤵
        
        PID:17236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54867.exe
        6⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8620.exe
        5⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22248.exe
        5⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        5⤵
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11899.exe
        5⤵
        
        PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62490.exe
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
        8⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44969.exe
        8⤵
        
        PID:15412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
        7⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        7⤵
        
        PID:12480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        7⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        6⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10601.exe
        6⤵
        
        PID:10448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
        6⤵
        
        PID:15220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        6⤵
        
        PID:17980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48405.exe
        5⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        6⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        6⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
        6⤵
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49553.exe
        5⤵
        
        PID:8576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
        5⤵
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61797.exe
        5⤵
        
        PID:15088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8437.exe
        5⤵
        
        PID:17752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
        5⤵
        
        PID:17964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13180.exe
        5⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        6⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59553.exe
        6⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
        6⤵
        
        PID:15176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6044.exe
        6⤵
        
        PID:17860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30653.exe
        6⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42446.exe
        6⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19676.exe
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19981.exe
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34715.exe
        5⤵
        
        PID:15260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4561.exe
        5⤵
        
        PID:6492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61322.exe
      4⤵
      PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25127.exe
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        6⤵
        
        PID:17524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        6⤵
        
        PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46393.exe
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
        5⤵
        
        PID:12908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        5⤵
        
        PID:16284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65188.exe
        5⤵
        
        PID:17188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32615.exe
      4⤵
      PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56141.exe
        5⤵
        
        PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
      4⤵
      PID:10408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
      4⤵
      PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34488.exe
      4⤵
      PID:4916
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 464
        5⤵
        Program crash
        
        PID:5640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11950.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53554.exe
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63471.exe
        7⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13630.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40708.exe
        8⤵
        
        PID:18316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50573.exe
        8⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        7⤵
        
        PID:14152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        7⤵
        
        PID:17384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exe
        6⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
        7⤵
        
        PID:16288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15279.exe
        7⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11420.exe
        6⤵
        
        PID:8476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47449.exe
        6⤵
        
        PID:13296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4539.exe
        6⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58318.exe
        6⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
        7⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
        7⤵
        
        PID:16256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20609.exe
        7⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        6⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        6⤵
        
        PID:14144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27071.exe
        6⤵
        
        PID:17392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        6⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63045.exe
        5⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        5⤵
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        5⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63118.exe
        5⤵
        
        PID:17056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39880.exe
        5⤵
        
        PID:6664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 468
        6⤵
        Program crash
        
        PID:780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60310.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42454.exe
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        6⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
        7⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
        7⤵
        
        PID:14656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        7⤵
        
        PID:17488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28868.exe
        7⤵
        
        PID:440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
        6⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        6⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33724.exe
        6⤵
        
        PID:16396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50525.exe
        6⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37056.exe
        5⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1466.exe
        6⤵
        
        PID:13656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
        6⤵
        
        PID:17008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
        6⤵
        
        PID:17444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        5⤵
        
        PID:10428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50756.exe
        5⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
        5⤵
        
        PID:17160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        5⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        6⤵
        
        PID:17076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
        6⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48497.exe
        6⤵
        
        PID:17676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
        5⤵
        
        PID:9604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9871.exe
        5⤵
        
        PID:12812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        5⤵
        
        PID:16328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
      4⤵
      PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36471.exe
      4⤵
      PID:10492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34220.exe
      4⤵
      PID:13320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60103.exe
      4⤵
      PID:16852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53782.exe
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7996.exe
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        6⤵
        
        PID:10084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        6⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9396.exe
        5⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58218.exe
        6⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        5⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46052.exe
        5⤵
        
        PID:17000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21108.exe
        5⤵
        
        PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        5⤵
        
        PID:10920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
        5⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
        5⤵
        
        PID:17176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17176 -s 436
        6⤵
        Program crash
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        5⤵
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25997.exe
        5⤵
        
        PID:7264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20475.exe
      4⤵
      PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21910.exe
        5⤵
        
        PID:9348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        5⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        5⤵
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41565.exe
        5⤵
        
        PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        5⤵
        
        PID:6640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21644.exe
      4⤵
      PID:9428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
      4⤵
      PID:12380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
      4⤵
      PID:16016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
      4⤵
      PID:7264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34986.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45578.exe
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59086.exe
        5⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        6⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
        6⤵
        
        PID:14872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3115.exe
        6⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6516.exe
        5⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        5⤵
        
        PID:12336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
        5⤵
        
        PID:17400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
      4⤵
      PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20293.exe
        5⤵
        
        PID:18416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
      4⤵
      PID:10048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27605.exe
      4⤵
      PID:13412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13283.exe
      4⤵
      PID:16740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26476.exe
      4⤵
      PID:17724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3783.exe
    3⤵
    PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22631.exe
      4⤵
      PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe
      4⤵
      PID:7892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
      4⤵
      PID:12964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
      4⤵
      PID:16184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
      4⤵
      PID:7124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14569.exe
      4⤵
      PID:17672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39733.exe
    3⤵
    PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
      4⤵
      PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
      4⤵
      PID:16364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21210.exe
    3⤵
    PID:9336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17783.exe
    3⤵
    PID:11284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43740.exe
    3⤵
    PID:4860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16761.exe
    3⤵
    PID:18416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53839.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60082.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        5⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24913.exe
        6⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57514.exe
        7⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
        7⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33104.exe
        7⤵
        
        PID:16228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17417.exe
        7⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
        6⤵
        
        PID:12404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        6⤵
        
        PID:16076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        5⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16200.exe
        5⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
        6⤵
        
        PID:10904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32420.exe
        6⤵
        
        PID:14548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8896.exe
        6⤵
        
        PID:17448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
        6⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
        5⤵
        
        PID:9728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53681.exe
        5⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
        5⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        5⤵
        
        PID:18324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13505.exe
        5⤵
        
        PID:6724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33710.exe
        5⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        6⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42802.exe
        7⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
        7⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        7⤵
        
        PID:15884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4784.exe
        6⤵
        
        PID:9224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
        6⤵
        
        PID:12992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
        6⤵
        
        PID:16208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
        5⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        5⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
        5⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        5⤵
        
        PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58389.exe
      4⤵
      PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        5⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65535.exe
        6⤵
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        5⤵
        
        PID:12800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
        5⤵
        
        PID:17104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        5⤵
        
        PID:16796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        5⤵
        
        PID:16236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40573.exe
        5⤵
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
        5⤵
        
        PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35044.exe
      4⤵
      PID:10040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
      4⤵
      PID:13400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13813.exe
      4⤵
      PID:16712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
      4⤵
      PID:5344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
      4⤵
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30799.exe
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        6⤵
        
        PID:10800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        6⤵
        
        PID:14616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        6⤵
        
        PID:17472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17472 -s 452
        7⤵
        Program crash
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31235.exe
        6⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21504.exe
        5⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21547.exe
        5⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1144.exe
        5⤵
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-912.exe
        5⤵
        
        PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54876.exe
      4⤵
      PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
        5⤵
        
        PID:16404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
        5⤵
        
        PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
      4⤵
      PID:10056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
      4⤵
      PID:13432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62285.exe
      4⤵
      PID:16700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41181.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62490.exe
      4⤵
      PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        5⤵
        
        PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37928.exe
        5⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        5⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        5⤵
        
        PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
      4⤵
      PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5021.exe
        5⤵
        
        PID:17108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
        5⤵
        
        PID:18212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
      4⤵
      PID:10132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27605.exe
      4⤵
      PID:13520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3444.exe
      4⤵
      PID:16856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
    3⤵
    PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
      4⤵
      PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8186.exe
        5⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23780.exe
        5⤵
        
        PID:15216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10707.exe
        5⤵
        
        PID:17740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        5⤵
        
        PID:17860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5568.exe
        5⤵
        
        PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
      4⤵
      PID:9512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9871.exe
      4⤵
      PID:12788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
      4⤵
      PID:916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65188.exe
      4⤵
      PID:5864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61574.exe
      4⤵
      PID:1068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
    3⤵
    PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
      4⤵
      PID:12368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
      4⤵
      PID:16196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
      4⤵
      PID:5568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
    3⤵
    PID:9996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24622.exe
    3⤵
    PID:13348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57819.exe
    3⤵
    PID:16672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63142.exe
    3⤵
    PID:17476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63258.exe
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        6⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
        6⤵
        
        PID:13776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
        6⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2248.exe
        5⤵
        
        PID:11652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62877.exe
        5⤵
        
        PID:14784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-315.exe
        5⤵
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59875.exe
        5⤵
        
        PID:17704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
        5⤵
        
        PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
        5⤵
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
        5⤵
        
        PID:10452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        5⤵
        
        PID:12600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26329.exe
        5⤵
        
        PID:17292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46236.exe
      4⤵
      PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40018.exe
      4⤵
      PID:11432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
      4⤵
      PID:14540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15684.exe
      4⤵
      PID:16996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
      4⤵
      PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
        5⤵
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
        5⤵
        
        PID:12948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37189.exe
        5⤵
        
        PID:16060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        5⤵
        
        PID:17284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46760.exe
      4⤵
      PID:7488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14200.exe
      4⤵
      PID:12748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
      4⤵
      PID:15728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe
      4⤵
      PID:7028
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 464
        5⤵
        Program crash
        
        PID:2876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58280.exe
    3⤵
    PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14218.exe
      4⤵
      PID:8076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
      4⤵
      PID:10956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
      4⤵
      PID:13852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
      4⤵
      PID:1848
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 452
        5⤵
        Program crash
        
        PID:6140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52101.exe
    3⤵
    PID:7760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31352.exe
    3⤵
    PID:11368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
    3⤵
    PID:14612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50155.exe
    3⤵
    PID:3624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32753.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32753.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
      4⤵
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53386.exe
        5⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        5⤵
        
        PID:14440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        5⤵
        
        PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21980.exe
      4⤵
      PID:9080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25301.exe
      4⤵
      PID:12668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45873.exe
      4⤵
      PID:15492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
      4⤵
      PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
      4⤵
      PID:6752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
    3⤵
    PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
      4⤵
      PID:7588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
      4⤵
      PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
      4⤵
      PID:13832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
      4⤵
      PID:17072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43688.exe
    3⤵
    PID:8568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
    3⤵
    PID:11704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12795.exe
    3⤵
    PID:15000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56909.exe
    3⤵
    PID:17700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
    3⤵
    PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16238.exe
        5⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        5⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8896.exe
        5⤵
        
        PID:17496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17496 -s 436
        6⤵
        Program crash
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8416.exe
        5⤵
        
        PID:17664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55905.exe
      4⤵
      PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26892.exe
      4⤵
      PID:13360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21948.exe
      4⤵
      PID:16724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
    3⤵
    PID:7984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
    3⤵
    PID:10400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
    3⤵
    PID:12940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
    3⤵
    PID:17244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22738.exe
    3⤵
    PID:17740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
  2⤵
  PID:5264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47083.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47083.exe
    3⤵
    PID:7772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45682.exe
    3⤵
    PID:9732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
    3⤵
    PID:13372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64154.exe
    3⤵
    PID:16316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
  2⤵
  PID:6196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
  2⤵
  PID:11232
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
  2⤵
  PID:13760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15128.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15128.exe
  2⤵
  PID:16988
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 16988 -s 464
    3⤵
    - Program crash
    PID:17036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 16988 -s 464
    3⤵
    - Program crash
    PID:17432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
  2⤵
  PID:5764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47276.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47276.exe
  2⤵
  PID:17780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
  2⤵
  PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 16988 -ip 16988
1⤵
PID:616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 17176 -ip 17176
1⤵
PID:1560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 17212 -ip 17212
1⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 17276 -ip 17276
1⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 17220 -ip 17220
1⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 17480 -ip 17480
1⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 17832 -ip 17832
1⤵
PID:17528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 17400 -ip 17400
1⤵
PID:3416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 17244 -ip 17244
1⤵
PID:3356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 18000 -ip 18000
1⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 16996 -ip 16996
1⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 7164 -ip 7164
1⤵
PID:16960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 17700 -ip 17700
1⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4676 -ip 4676
1⤵
PID:17752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 17136 -ip 17136
1⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6176 -ip 6176
1⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6176 -ip 6176
1⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 2600 -ip 2600
1⤵
PID:18004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 8068 -ip 8068
1⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 8268 -ip 8268
1⤵
PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10097.exe

Filesize
184KB

MD5
8a90a5cbdba696d77dfe63e9e65b0541

SHA1
fd0b469cefe72eb67917b640b2b9bc7353578862

SHA256
4b290210398e4768b6ee0ab5b0f520e6be0bc3b7ec281a8d0e7d7ab73d7c341c

SHA512
c4934a1eecdc6169c50219414ade4493fcd557b09e0057a8ee0678637661f976e46dd77e96303ca936e4a438136a870f5ecd544ecd79a0eb35f5107d4ffade32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10378.exe

Filesize
184KB

MD5
a8140354f2c05d7306d5dfccab42c5cb

SHA1
7222ecdc52358070b2e1c68d8254629ee881f658

SHA256
8a349207a83f3eb0200ca0dc78a87219613d0ff9274ecb01c6e755448049b505

SHA512
cfabfdb5972a5ad796afdd537f72590dc5b677318195d10dd679fe7a15aaa92d86834aedca23c1e56c24c305d71b93ed86d88ee4bd0e3aa238752ca4b4b70163

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11950.exe

Filesize
184KB

MD5
7c1aabbdda1b294b64afa5936bb87064

SHA1
f564951141dd8d7b6d8ca5e6758c6f03e2742553

SHA256
f03112482319761b0d643f68c3e12ef50add20dc0f48d7686cd4da67f1f40c3e

SHA512
4f835743cdf055975ee199472e7d26cc44b23473a52fb344ffa284957165a4b823e636595f03573c9e7b49eb8033e70f6d44409fbdcbbda62c27091c2a837331

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe

Filesize
184KB

MD5
4f4e6d49c2a634608f217aebb6677da9

SHA1
d3b9d5c91af64eab3aa8d53db4571d4ac4fb15e1

SHA256
ca8d7ba819b4ff62c05e4f2c763a6dd27f4d64443c8392693960fb5c5582e598

SHA512
e1e0c0769b326d004a96ab1261847c836fc7a51f0a848d88a0da9e648e534592b49f4188681807f3a55be6ca661ae5b0fd96f729fb848d75f4d1aae333efbe4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe

Filesize
184KB

MD5
6eb5ec30f9cf0634486dacec14fb9e46

SHA1
98f6c03cc0f9f9fb19f2aa9229260acbc71763f4

SHA256
714c87d3a3025f3ca397d77a92bf77b5fcced2e549f0386b49a7a4ba69ecdff8

SHA512
9b684d5891de20a89f9e5594132808296af0df6dd8cfa0c4a08a796a34d8e2d3d563cfb251f9fe55833962f8dacd6aebe0c16dee4d5b04a2fe22e6b8d84831dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe

Filesize
184KB

MD5
327b4d109011d649d9ea917446d4ae03

SHA1
6d37e6b4bdf7b30729855ca886af6c927cfd3383

SHA256
938869b2a532ae0dddccf1808c347b081aec9f3fee4e3f58c9339bd7724bca1d

SHA512
5b58819c1524427e2867bd7dfd18787aebc105945272fb02c6fa5321fa3849b38791d97aeb0007d0fcfa8acf36a25832aea72ca585dc6830388a6dc4134a8a85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe

Filesize
184KB

MD5
fae4244e40b09c3ef9a9afcc922575de

SHA1
b2bf09339273bd396ac82c459fd45441026fe1d9

SHA256
4a8f0f662bc779673822eefb15722cb33fadc4ff8b4a8ec8786c428d384450c7

SHA512
b87fd11be4c4be2d1d4b75098426ae6a12058830461a9c45aa3b6ca8396d629e11eacb540988afba41367f1075318ffde7574395a4c7027bca0dbe888d08d0ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe

Filesize
184KB

MD5
582e1bb6ca8cbad85f0e7922d09c82d1

SHA1
6816370db918743c2b89a999a85879350680e273

SHA256
a2f601057fe23f9621724b09dbd0556100877d1c3476fe4ae6982491760b7d24

SHA512
a40c605f6d25a7d5c302882a6368568b2da5a4bf36580df5162bccc7465ede48b3d3b8c7dd3d7040628c0849ce0aa04cfaf91a78d2a6bdcba75779a48d40c655

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2060.exe

Filesize
184KB

MD5
21f6d0c91173b947f286680ac9f2f4ad

SHA1
f70a61ba11215b0e1ca42287e8634127dd2fe74a

SHA256
06bae87ee205c23b465f6012f376143d5ab87732c921f0ca09a7bc7fb0a80292

SHA512
4af09f16fec50ad4933a199e57f24c24e5202f16951a8457d9ba96443daac0d73fe059c92549b3dfced2b1f7bba06de3acecdc5186b8e28617fc70cd2b678ce3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe

Filesize
184KB

MD5
8596ae1eeead1efda7a0574d46af3c1f

SHA1
3f44dc57b9158bb9ebbcebb1982afb0694929b76

SHA256
73ccabc2bed8c931e018cb3798c2626ac97c48ba29048462ef9b02ab85feb05f

SHA512
46c91d001fd1b024e2a5dc34a61cdd18613ecb638fa7c52f80f00197e0c65f4c6dbb43b333453fa032dfa2d075b04924fcf2d5d53c6d35613d8e0bed41b122de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23938.exe

Filesize
184KB

MD5
75cf02de5d4e2ccab4927ab4796abc0c

SHA1
bbd87b317315e4607a6fbe0b40b4094cb7712e59

SHA256
1a719e88499f58b8c317d42e68897d22a6cbd3450fafff936563d0371d274226

SHA512
40ca25f0734d6c589aafa3e6f013f1a54198eeffda98e3b8058a09005d69f110f4be8a68adaa0c90d11a4b22144eacadb4a33041dfcc301945d7dac7f239da49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe

Filesize
184KB

MD5
09bb5f7181829e03959a67e643b3588e

SHA1
6fd706e1360a459b2c4f532bd4fcb1a91f78a62a

SHA256
3572b44cb7f75e694f0d8c54e88be608750c9d8e4cfd63843532ecb69177aeec

SHA512
6a8184a4bc8c3e5f48afc6d31c7503d525c3f11e5da663b19782d76831735e9d3181d719b794e936ce2296fa2e4d3412926f4bc1504643fb076d20a3a4cf7ff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe

Filesize
184KB

MD5
440d001affdecc64aa5f868600cf53ae

SHA1
61c40e77e2cdb1bea03c8489aa1edcf9115f6d87

SHA256
b0065deb346507cbc23a9c45f06c5551d6540546f699b242186a9019b00e2f49

SHA512
b1b26f75696e3c117828cdf9a57094806cd95c49533fc31eddf735814321f8aca4fe682964c467ca53b3f873dccb639455de076d7f7848a4e9b271c6749caab5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe

Filesize
184KB

MD5
6e8c75e81a8e7d352d50228a68332786

SHA1
5f96d3857e0cfb3b79c4510973451e20c24df8d1

SHA256
2a3550d470077cbff2f171d9582f82a40e70b31ba93ddcd5a1a50f52d6f64c88

SHA512
6acb6bb64ad74aa5947c9d25aa4af8edf85c91d305c8a18e5aa4c236392b98d44d1d11f03c03b597f6ce26a977ea60d3b193cda1fc79a8aa1762407e7d362f34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32753.exe

Filesize
184KB

MD5
d83ef53e39066a7ed0db7d842d903572

SHA1
9fbf8333af5471033210cf5eb6bce8e408ac164a

SHA256
2faa496b548b566d43e0c7ba43f08981bf73d37954f173fbc2742dbf4f092301

SHA512
a39d54f25e0a4a31b12681e83724981ee60180981485f2e869a8c406d0f0df4932d57f15403f0bfb74e019ad80606d5b6f37b0f0c63145db845f390cc8f4d28d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe

Filesize
184KB

MD5
862266296585c539ce531643b9a753e5

SHA1
81a135f5220978d1e6070f65d6df88db3a6dfffb

SHA256
bd73033894d66b7a331917217b83873f8cfde748796b0edef5dc6d608e61c0c4

SHA512
3b4e1eb3746a6f85bc19df901890cfd064f85ebf6d529f135a20b4e1ee48f116f80d35f578da8bed191f6ecef3c64cf043fd90807a01692b0119d45a61c0c195

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe

Filesize
184KB

MD5
5774e13ef06877a0860bc19760d42386

SHA1
05b931f8325a9391b94b69c4cc8a5903d094762b

SHA256
e4ed1c7ddd764aecaf8408853b33a54dab95b2c2521058efbf44d6c25e21dd62

SHA512
9a51cbf61a09898a097f95379d2974f51dfe79c70a5998cc3de5858bd2cfffcf7d6d47e9e7fe29922151eca9fd203080bd5cd43c0cb8f50e26a7baf48d61be92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3782.exe

Filesize
184KB

MD5
3c5363b1154db83678cb8416724ddd02

SHA1
f0c543050d6171d6b5fef7b8f57579ddb4e411af

SHA256
232c13e8a847a6535dd2af59839afcbb93408e5a3bc0ccc94b120ccb17edf133

SHA512
4a2cfed2242f7eacbcc7cf07f7bf870e9a706033bf1ee80f8a5400dfc2205e1e5ac47baaf7b66b5f60dcde9a579ce89dc5d46e09ad930edbe7a9e6f0b19d389d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37840.exe

Filesize
184KB

MD5
335bf3a38339c1971590ff080c39d86c

SHA1
06937a56fa9c3b578fa7e1602e56d4e2116d2b64

SHA256
e925f77af67daa05ad57d16b55d7fa97e5551c98c3b27e0f90ea3d206e24d427

SHA512
2156efb0177791d917494d84bae8fb47a90c6f696ca47637860b49091bfc6ccddc50597154e05ac8fd2ee039ce31c84c6fa9087c08914b7b799c95425806b4c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38131.exe

Filesize
184KB

MD5
e0903b33f0d414b3a04b26d67fca2703

SHA1
9b0ed3bfff8b33d7ae4311c19460e49b391fd604

SHA256
c1f52924f0c7156290e38d76b7a038d024f1e8627f6291feef43e364032f3822

SHA512
32908e7661ae6187351a071e4ba16ec76a701dd438c41dc1456e600ab2d3a6ff0347ed570c18485a9aa338642e95923e8ca6d71d9e6458adbacc474bc5ccf952

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe

Filesize
184KB

MD5
39d988382cc3d71ecb401c95fee6d145

SHA1
956c274f64278fa771243f6cafae1308e98230dd

SHA256
edd3094df692ac5d1d7c140928b65fc074c414fcc7ead9d1b3dce81186f21bd2

SHA512
a4bb7e0dff9ad2916b08a17b7136d9def372d955934329d416e99b3655653091276bbf9e4a1968b6d795ec85a81712730b9119480accfe9c83672a79419c5879

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe

Filesize
184KB

MD5
6d4bd809e32fffd3524a9c052c720ab2

SHA1
056c3fa70c6578985c02eb1ee0b6bc8035e50516

SHA256
799edfe41206f391987a5265b3bbf3860f998c8854d2ff8787ccc5706d04a507

SHA512
1e789c60f19b774a7b60f2e12408d641a96e29aeb19256e86997d27353527506e47916dcb4ed0abbe849f5d22456eb350434e433a829d865344a0e0903a73cd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe

Filesize
184KB

MD5
c4965b8389c8b4f4b446774a169bd3be

SHA1
84bbcd8b6c55a78cfdf775112fe6c2cd4d77d14b

SHA256
b67d8b61a718f6da924504bde0745938a319bb47bc028b9ba243ff485d7e1788

SHA512
57acab429cbd82608fd6277af35a10e83fcce601946c78c52d41499e7d763c714ed8ac576e747010182230499e605b61e638cc3285742611cba5809468b112fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe

Filesize
184KB

MD5
07fbb4f87aa1b2e187b9b6e072b9f996

SHA1
081d79f0a3f19e69090e9e143fc215a6f6435436

SHA256
44eb09db9dbb07dca411549003a0dc877f8b57d7076f65080ddd07566efff3d7

SHA512
845142fc03893302edaab32e0ef0cf861da326d06ff237fe81e91c8f7bc74d54591c2f8f0f990d38f371dcee451d112be912b2c0848640d6cafcd1182b53c81c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5162.exe

Filesize
184KB

MD5
69e61f9670993ab65151d550c2a9ba28

SHA1
d7415b6e86d93d4a5dd0e26ee85e59c8d452556e

SHA256
59c54f10654211fc56884ca26e7c4cf8e0c4d47746dded57e11bcdbba12a86e1

SHA512
a64d6c259b8cefbd08abd7ea996df6b7a9c54bba42a30fb9d339ba411e2d3a2255d06cc0aaa5485af72946bf7b319fe5039b76f7bd5ca4800771d6fa7881f6a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51914.exe

Filesize
184KB

MD5
b2f7eefa17c25375850a551c96f16579

SHA1
4ea713a31c26eb5d935d769961e4ad05175d8e27

SHA256
f3d2ec1af78fd258e621af4e6967c08751f9cbf462d77ef1124c271a4a59a3d8

SHA512
0648acb772919e8b544b9885c21a979829150d0c5f20116c6d339770cfbcd1b5469ec557496e108a0d8ec343d919d8daefa514c7ad346138b42306a70f4945fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe

Filesize
184KB

MD5
86b2445c042e8beaebdb4adae3988422

SHA1
2bf7ffe8dab676038c49bc6e824228ff8dee5efd

SHA256
d22564b3f21b3ebf8f9ee1fbb3dbfa269b10c67b4bfc0aa95828df4996e0670e

SHA512
058e637b23bf084586e0d2e197482f09160f4a1ddf03d0f24e12b720ffa2660935b5c88fe6eb9bd52629c3e4b3814eb58d5ec99d55965df246417bb4070e3da1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53839.exe

Filesize
184KB

MD5
7678b32bdaedb1ca317ee41c8ca368ce

SHA1
3e8b46599ac8dd55771b948372580f933398c8b8

SHA256
a6eb95f3498b9cf94521f5aa1d75f27e974dfca4ae803b0fc358341fe437ad5c

SHA512
405ffdbe4420f4a6f670a8fbf5b6f62cbf5d0bdd6b213a39842b5fc2c36267fbaa36abd072a1830fbaa8d9fddc6505c316a35f029999b754b6a8cca9565253ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe

Filesize
184KB

MD5
f5b6af3e46005a3aed269371acb6f7b7

SHA1
5066d80f674fab9fabd83ac8fedaac175a6774aa

SHA256
f412b18eac801c82f9c877b5cd57f1b919ec300bfd92967d6e2aa8470b1718a1

SHA512
20878e249efeef0e6c0f0bd350716355eb1d262228e8ccdaee6a5a09198036605e554d1b7add2acc0c388268c4373c5cc0efbb6f193c77ea97d907fbee222898

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe

Filesize
184KB

MD5
12aee6ccbf894e733d763a36e4757609

SHA1
434b41298c16fc83d4c5902253fc4328139c4054

SHA256
1acac3f1190847d0890ce846046655928923d0691a47fb3fac5a84de8ae61d76

SHA512
1b16b4ef4958751c1c0d9655489476a28d397fdfeb6fd021579fbfe216a7c4b3d8a2ba85241de3141491dcc24b76d126c847b66e6b6327b6166638f585550c05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe

Filesize
184KB

MD5
901c06ab6fce2b4d9f452e28af126350

SHA1
a3c4a69880d545d2449bd180ba3bdbed50f09835

SHA256
a0fe2215e5aba1679b820b2a800e8d2941cb0b9e82d11e6e4e83ab64a472d645

SHA512
97f910f6242dc97b5603052fbb92edfd637737092dd78d6131dbf2210efd82d25abb1ee9c3d1f9fc6a6a5cb7a6ab1502ec4437069a67659d171560147b1acb87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60082.exe

Filesize
184KB

MD5
4117573d7dc44705e5a3ace6c2df3b7d

SHA1
5864101484294dc19c3d742723e36f0ac3048538

SHA256
6a961bf372e323fdf6a2ca89f221eeecf1c6726213ebe4ae9ff121b60a010d9a

SHA512
6418e43aa99e5ce88026f8cd45ce23f331122e4aa3e059a0524061fd7663544136107cc975f5337f6744fb321d06193e55b62e18fde90d354bbada1ef65eb17a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6044.exe

Filesize
184KB

MD5
531a94555fbf2445e4c5110d0018f8ff

SHA1
5084e13d708e1739dc55e3f5e69e4c0894dc1c99

SHA256
e5e600e4919d62640ced15a7bf7e46bd1a17438c2d5a62c4b9c61a76f1cef398

SHA512
b3a089cceb85baf599699c925f7e4a7695f047bde28ffe65b10e1783a493becbd7c3a0c319aaac879ad465d67af94dacf846e8087d3cd00a22451e75d3979c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe

Filesize
184KB

MD5
1ba86148fd22ab83866f3ad46b78957c

SHA1
1d3808fc6cf037f1e9fb2c418e7b91ecc0d3dcda

SHA256
63bfde2f8fbf9acafc9631b583295eb3d81c286dd12f031452c5eb98a927a35d

SHA512
6c8ae64618af46991dc0eecb003d994d085a72d171d2bbb2117f23a3d0d49d96f5b008869695991e46e5ff0ced81bdb707a3d78e9d057a4019f009509c227dc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe

Filesize
184KB

MD5
4e24909198bebcbf1c599a081f56ab33

SHA1
955718f499c91d91d90f7b268539a76174782429

SHA256
f8b6e238000ffdf4e79553f7fc070651366ac1a8a644c93d4725ec85a804a1b2

SHA512
cd182893229cdd58a985344d124c3df09bfcb271b59b59e985f9e8eec896819c4b8b20e60c921297e15ca1cbd093efb62e30fce5dbed25c4433ddbf1969fed69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe

Filesize
184KB

MD5
a0de06ca3a16230f0e0b3a6444a2e475

SHA1
6e30b0edb6abaeb5125e9093a0855e5497f8ec44

SHA256
8bfadacc35cb14f997f42456cd1a796f1f9b5eae1126903c922fc356bc9bb6ca

SHA512
52bf1844e54cbda2705e0aecfa5ff5bcf99f120260bcf1bc9ac995facccc51561645122e5e7d01b4bf41e0ad09299a469df65d13f561e4bc70a0690311fb18c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8473.exe

Filesize
184KB

MD5
9939c58e703473204ed6e5333d1809c2

SHA1
f878727be169297a787e5be1e3139f0b3c4931a5

SHA256
db911165ac7ea1d018ec40eefb7c73bc8127557fc3b836fcb417e1d116ef8181

SHA512
51795aa65b58b19cc05c83f4f840d082603d2c14f5e849975ca6f9b85ae334bf542837ccc573e66670814c2194a0c6ce4cf4f78fd00153010969ebd7ea819372

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8835.exe

Filesize
184KB

MD5
549394807810a46566552a41ac90e5e5

SHA1
4fd515bcc855c64f979495652c46a91f650d2044

SHA256
db0776363c43e3ecde2c23f2de95b629773a4ee08f9e746f6f24e8c5a9eb18ec

SHA512
cf67d33cbc30f525cb60cf1e646f8fa5648b2d83b81322d65fb36bdefa1d37d165d0a536ad6b0b6875977b1cefa9ae666716d3b2dd03d999dfe9d26621eedb30

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads