f41ad2d184e55d94066f1a770555cc6f19266a29507744fa574b2723d1190930

Analysis

max time kernel
150s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 05:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e9ada187e6ef700d73e465321078bb0_NeikiAnalytics.exe
Size

184KB
MD5

3e9ada187e6ef700d73e465321078bb0
SHA1

245f25c8f1fa44e8f625c1a3d967b78560dff348
SHA256

f41ad2d184e55d94066f1a770555cc6f19266a29507744fa574b2723d1190930
SHA512

2f12222ae63721786def96a4edbc63f4dd2b6fca010fc08bcc0fcdcc35d37bfabad9a5ec22a48fe7cd811c3a61efb405b60de02e4771e3471739b7b441700a6f
SSDEEP

3072:0B3Zfco8PjyIZByNWS1F8siszlvnqnxiu0:0BCo3wByb83szlPqnxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
552	Unicorn-37058.exe
4256	Unicorn-441.exe
3164	Unicorn-29776.exe
2052	Unicorn-27053.exe
2692	Unicorn-7187.exe
3844	Unicorn-5463.exe
2248	Unicorn-18605.exe
1728	Unicorn-59445.exe
692	Unicorn-18413.exe
2712	Unicorn-64084.exe
2256	Unicorn-12282.exe
4468	Unicorn-59756.exe
2820	Unicorn-54645.exe
440	Unicorn-19320.exe
2144	Unicorn-38034.exe
3152	Unicorn-53301.exe
4400	Unicorn-33435.exe
4168	Unicorn-29409.exe
2200	Unicorn-53877.exe
60	Unicorn-53877.exe
1644	Unicorn-30250.exe
1688	Unicorn-12959.exe
4384	Unicorn-43056.exe
5056	Unicorn-15759.exe
4572	Unicorn-13825.exe
4308	Unicorn-13825.exe
3788	Unicorn-40368.exe
4676	Unicorn-26632.exe
3964	Unicorn-32274.exe
2528	Unicorn-20384.exe
3456	Unicorn-58205.exe
1976	Unicorn-36616.exe
376	Unicorn-58013.exe
1996	Unicorn-49845.exe
1196	Unicorn-28255.exe
2808	Unicorn-13312.exe
4820	Unicorn-31480.exe
1608	Unicorn-62569.exe
3028	Unicorn-48693.exe
2508	Unicorn-7660.exe
1348	Unicorn-17474.exe
2308	Unicorn-49269.exe
2260	Unicorn-17208.exe
3088	Unicorn-22112.exe
548	Unicorn-50146.exe
3032	Unicorn-28142.exe
4908	Unicorn-29211.exe
5016	Unicorn-22542.exe
4664	Unicorn-64749.exe
3016	Unicorn-30192.exe
1548	Unicorn-65325.exe
3036	Unicorn-54505.exe
3116	Unicorn-40629.exe
4796	Unicorn-41506.exe
5100	Unicorn-19039.exe
4936	Unicorn-47572.exe
3184	Unicorn-26322.exe
844	Unicorn-34490.exe
4576	Unicorn-45464.exe
4584	Unicorn-6456.exe
1952	Unicorn-33634.exe
2384	Unicorn-12699.exe
4372	Unicorn-25850.exe
4564	Unicorn-17682.exe

Program crash 11 IoCs

pid	pid_target	Process	procid_target
2700	4664	WerFault.exe	140
6100	5448	WerFault.exe	189
5420	4936	WerFault.exe	147
7824	6796	WerFault.exe	260
10820	6344	WerFault.exe	249
10804	6796	WerFault.exe	260
10796	7932	WerFault.exe	363
10860	6364	WerFault.exe	250
14544	6260	WerFault.exe	280
16420	6260	WerFault.exe	280
8776	6148	WerFault.exe	281

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4028	3e9ada187e6ef700d73e465321078bb0_NeikiAnalytics.exe
552	Unicorn-37058.exe
4256	Unicorn-441.exe
3164	Unicorn-29776.exe
2052	Unicorn-27053.exe
2692	Unicorn-7187.exe
3844	Unicorn-5463.exe
2248	Unicorn-18605.exe
1728	Unicorn-59445.exe
2256	Unicorn-12282.exe
2712	Unicorn-64084.exe
4468	Unicorn-59756.exe
692	Unicorn-18413.exe
2820	Unicorn-54645.exe
440	Unicorn-19320.exe
2144	Unicorn-38034.exe
4400	Unicorn-33435.exe
3152	Unicorn-53301.exe
4168	Unicorn-29409.exe
4384	Unicorn-43056.exe
5056	Unicorn-15759.exe
1688	Unicorn-12959.exe
60	Unicorn-53877.exe
2200	Unicorn-53877.exe
1644	Unicorn-30250.exe
4572	Unicorn-13825.exe
4308	Unicorn-13825.exe
3788	Unicorn-40368.exe
4676	Unicorn-26632.exe
3964	Unicorn-32274.exe
2528	Unicorn-20384.exe
3456	Unicorn-58205.exe
1976	Unicorn-36616.exe
376	Unicorn-58013.exe
1996	Unicorn-49845.exe
1196	Unicorn-28255.exe
2808	Unicorn-13312.exe
3028	Unicorn-48693.exe
1608	Unicorn-62569.exe
4820	Unicorn-31480.exe
2508	Unicorn-7660.exe
1348	Unicorn-17474.exe
3088	Unicorn-22112.exe
3032	Unicorn-28142.exe
2308	Unicorn-49269.exe
4908	Unicorn-29211.exe
548	Unicorn-50146.exe
2260	Unicorn-17208.exe
5016	Unicorn-22542.exe
4664	Unicorn-64749.exe
1548	Unicorn-65325.exe
3016	Unicorn-30192.exe
3116	Unicorn-40629.exe
4796	Unicorn-41506.exe
3036	Unicorn-54505.exe
5100	Unicorn-19039.exe
4936	Unicorn-47572.exe
4584	Unicorn-6456.exe
3184	Unicorn-26322.exe
4576	Unicorn-45464.exe
844	Unicorn-34490.exe
1952	Unicorn-33634.exe
2384	Unicorn-12699.exe
4372	Unicorn-25850.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4028 wrote to memory of 552	4028	3e9ada187e6ef700d73e465321078bb0_NeikiAnalytics.exe	87
PID 4028 wrote to memory of 552	4028	3e9ada187e6ef700d73e465321078bb0_NeikiAnalytics.exe	87
PID 4028 wrote to memory of 552	4028	3e9ada187e6ef700d73e465321078bb0_NeikiAnalytics.exe	87
PID 552 wrote to memory of 4256	552	Unicorn-37058.exe	90
PID 552 wrote to memory of 4256	552	Unicorn-37058.exe	90
PID 552 wrote to memory of 4256	552	Unicorn-37058.exe	90
PID 4028 wrote to memory of 3164	4028	3e9ada187e6ef700d73e465321078bb0_NeikiAnalytics.exe	91
PID 4028 wrote to memory of 3164	4028	3e9ada187e6ef700d73e465321078bb0_NeikiAnalytics.exe	91
PID 4028 wrote to memory of 3164	4028	3e9ada187e6ef700d73e465321078bb0_NeikiAnalytics.exe	91
PID 3164 wrote to memory of 2052	3164	Unicorn-29776.exe	93
PID 3164 wrote to memory of 2052	3164	Unicorn-29776.exe	93
PID 3164 wrote to memory of 2052	3164	Unicorn-29776.exe	93
PID 552 wrote to memory of 2692	552	Unicorn-37058.exe	94
PID 552 wrote to memory of 2692	552	Unicorn-37058.exe	94
PID 552 wrote to memory of 2692	552	Unicorn-37058.exe	94
PID 4028 wrote to memory of 3844	4028	3e9ada187e6ef700d73e465321078bb0_NeikiAnalytics.exe	95
PID 4028 wrote to memory of 3844	4028	3e9ada187e6ef700d73e465321078bb0_NeikiAnalytics.exe	95
PID 4028 wrote to memory of 3844	4028	3e9ada187e6ef700d73e465321078bb0_NeikiAnalytics.exe	95
PID 2052 wrote to memory of 2248	2052	Unicorn-27053.exe	98
PID 2052 wrote to memory of 2248	2052	Unicorn-27053.exe	98
PID 2052 wrote to memory of 2248	2052	Unicorn-27053.exe	98
PID 2692 wrote to memory of 1728	2692	Unicorn-7187.exe	99
PID 2692 wrote to memory of 1728	2692	Unicorn-7187.exe	99
PID 2692 wrote to memory of 1728	2692	Unicorn-7187.exe	99
PID 3844 wrote to memory of 692	3844	Unicorn-5463.exe	100
PID 3844 wrote to memory of 692	3844	Unicorn-5463.exe	100
PID 3844 wrote to memory of 692	3844	Unicorn-5463.exe	100
PID 3164 wrote to memory of 2712	3164	Unicorn-29776.exe	102
PID 3164 wrote to memory of 2712	3164	Unicorn-29776.exe	102
PID 3164 wrote to memory of 2712	3164	Unicorn-29776.exe	102
PID 552 wrote to memory of 2256	552	Unicorn-37058.exe	101
PID 552 wrote to memory of 2256	552	Unicorn-37058.exe	101
PID 552 wrote to memory of 2256	552	Unicorn-37058.exe	101
PID 4028 wrote to memory of 4468	4028	3e9ada187e6ef700d73e465321078bb0_NeikiAnalytics.exe	103
PID 4028 wrote to memory of 4468	4028	3e9ada187e6ef700d73e465321078bb0_NeikiAnalytics.exe	103
PID 4028 wrote to memory of 4468	4028	3e9ada187e6ef700d73e465321078bb0_NeikiAnalytics.exe	103
PID 2248 wrote to memory of 2820	2248	Unicorn-18605.exe	104
PID 2248 wrote to memory of 2820	2248	Unicorn-18605.exe	104
PID 2248 wrote to memory of 2820	2248	Unicorn-18605.exe	104
PID 2052 wrote to memory of 440	2052	Unicorn-27053.exe	105
PID 2052 wrote to memory of 440	2052	Unicorn-27053.exe	105
PID 2052 wrote to memory of 440	2052	Unicorn-27053.exe	105
PID 1728 wrote to memory of 2144	1728	Unicorn-59445.exe	106
PID 1728 wrote to memory of 2144	1728	Unicorn-59445.exe	106
PID 1728 wrote to memory of 2144	1728	Unicorn-59445.exe	106
PID 2256 wrote to memory of 3152	2256	Unicorn-12282.exe	107
PID 2256 wrote to memory of 3152	2256	Unicorn-12282.exe	107
PID 2256 wrote to memory of 3152	2256	Unicorn-12282.exe	107
PID 2692 wrote to memory of 4400	2692	Unicorn-7187.exe	108
PID 2692 wrote to memory of 4400	2692	Unicorn-7187.exe	108
PID 2692 wrote to memory of 4400	2692	Unicorn-7187.exe	108
PID 552 wrote to memory of 4168	552	Unicorn-37058.exe	109
PID 552 wrote to memory of 4168	552	Unicorn-37058.exe	109
PID 552 wrote to memory of 4168	552	Unicorn-37058.exe	109
PID 4468 wrote to memory of 2200	4468	Unicorn-59756.exe	110
PID 4468 wrote to memory of 2200	4468	Unicorn-59756.exe	110
PID 4468 wrote to memory of 2200	4468	Unicorn-59756.exe	110
PID 2712 wrote to memory of 60	2712	Unicorn-64084.exe	111
PID 2712 wrote to memory of 60	2712	Unicorn-64084.exe	111
PID 2712 wrote to memory of 60	2712	Unicorn-64084.exe	111
PID 692 wrote to memory of 1644	692	Unicorn-18413.exe	112
PID 692 wrote to memory of 1644	692	Unicorn-18413.exe	112
PID 692 wrote to memory of 1644	692	Unicorn-18413.exe	112
PID 4028 wrote to memory of 1688	4028	3e9ada187e6ef700d73e465321078bb0_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\3e9ada187e6ef700d73e465321078bb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3e9ada187e6ef700d73e465321078bb0_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-441.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38034.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36597.exe
        8⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64093.exe
        9⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        10⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        10⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
        10⤵
        
        PID:14832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45310.exe
        10⤵
        
        PID:16424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        9⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40925.exe
        9⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13957.exe
        9⤵
        
        PID:14080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
        8⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
        9⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        9⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        9⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        8⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49006.exe
        8⤵
        
        PID:12704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        8⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        8⤵
        
        PID:16652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41043.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46901.exe
        8⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28298.exe
        9⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        9⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13613.exe
        9⤵
        
        PID:17604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        8⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        8⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9162.exe
        8⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
        8⤵
        
        PID:17112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46256.exe
        7⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11385.exe
        8⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        8⤵
        
        PID:15640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47421.exe
        8⤵
        
        PID:16624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
        7⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15857.exe
        7⤵
        
        PID:13256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
        7⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9329.exe
        7⤵
        
        PID:16816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6456.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe
        7⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17410.exe
        8⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
        9⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5601.exe
        9⤵
        
        PID:16084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29659.exe
        9⤵
        
        PID:17212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        8⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10856.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18657.exe
        8⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56822.exe
        8⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        8⤵
        
        PID:17380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        7⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
        8⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        7⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        7⤵
        
        PID:13376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        7⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3197.exe
        7⤵
        
        PID:17664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31826.exe
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        8⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        8⤵
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47421.exe
        8⤵
        
        PID:16632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
        7⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        7⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        7⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11919.exe
        7⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36169.exe
        6⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
        7⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54838.exe
        7⤵
        
        PID:17720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15698.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        6⤵
        
        PID:12452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        6⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20384.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-92.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-92.exe
        8⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 720
        9⤵
        Program crash
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 756
        9⤵
        Program crash
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        8⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        8⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        8⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
        8⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
        7⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
        7⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
        7⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
        7⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41043.exe
        6⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-492.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37703.exe
        8⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
        7⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7137.exe
        7⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65206.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43743.exe
        7⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
        6⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32711.exe
        7⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        6⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55069.exe
        6⤵
        
        PID:15080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
        6⤵
        
        PID:16996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41819.exe
        6⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
        7⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16836.exe
        7⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2165.exe
        7⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        6⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62612.exe
        7⤵
        
        PID:17012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54457.exe
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
        6⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60644.exe
        5⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        5⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        6⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
        7⤵
        
        PID:13720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7643.exe
        6⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32772.exe
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35419.exe
        6⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
        6⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
        5⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46322.exe
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
        5⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
        5⤵
        
        PID:17516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58205.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33634.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
        7⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        8⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
        9⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        8⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27396.exe
        8⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        8⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32707.exe
        7⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        7⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        7⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39432.exe
        6⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        7⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19332.exe
        7⤵
        
        PID:15028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        7⤵
        
        PID:16564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30791.exe
        6⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27841.exe
        6⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        6⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        6⤵
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2697.exe
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8364.exe
        7⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        8⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        8⤵
        
        PID:12904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12828.exe
        8⤵
        
        PID:16076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        7⤵
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        7⤵
        
        PID:13708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        6⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18602.exe
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44798.exe
        6⤵
        
        PID:12608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64709.exe
        6⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39023.exe
        6⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50170.exe
        6⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
        7⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31050.exe
        7⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        7⤵
        
        PID:15552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
        7⤵
        
        PID:17164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        6⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
        6⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        6⤵
        
        PID:16616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55641.exe
        6⤵
        
        PID:13120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49248.exe
        5⤵
        
        PID:9788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48693.exe
        5⤵
        
        PID:12960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
        5⤵
        
        PID:14912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
        5⤵
        
        PID:17232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25850.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
        6⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        7⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49301.exe
        7⤵
        
        PID:12628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
        7⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27214.exe
        7⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        6⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        6⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
        6⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14190.exe
        6⤵
        
        PID:11940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 604
        6⤵
        Program crash
        
        PID:14544
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 604
        6⤵
        Program crash
        
        PID:16420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        5⤵
        
        PID:9708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        5⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        5⤵
        
        PID:15192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        5⤵
        
        PID:16488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
      4⤵
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        6⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
        7⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        6⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35861.exe
        6⤵
        
        PID:14900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        6⤵
        
        PID:16404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23408.exe
        5⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48592.exe
        5⤵
        
        PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        5⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2929.exe
        5⤵
        
        PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60554.exe
        5⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
        5⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        5⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18004.exe
        5⤵
        
        PID:7752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51913.exe
      4⤵
      PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45170.exe
      4⤵
      PID:10056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
      4⤵
      PID:15816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17965.exe
      4⤵
      PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
      4⤵
      PID:10724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53301.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19218.exe
        6⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
        7⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30794.exe
        8⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37105.exe
        9⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        8⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
        8⤵
        
        PID:15480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        8⤵
        
        PID:17328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        7⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        7⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
        7⤵
        
        PID:16964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35504.exe
        6⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
        7⤵
        
        PID:17716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
        7⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
        6⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
        6⤵
        
        PID:17244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        5⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13932.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40861.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53141.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        7⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19732.exe
        7⤵
        
        PID:17632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        6⤵
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6908.exe
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        6⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
        6⤵
        
        PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10298.exe
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
        6⤵
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45990.exe
        6⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22998.exe
        6⤵
        
        PID:13988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
        5⤵
        
        PID:14780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        5⤵
        
        PID:16752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
        5⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13932.exe
        6⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exe
        7⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
        7⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        7⤵
        
        PID:15392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        7⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19163.exe
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        6⤵
        
        PID:12204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        6⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
        6⤵
        
        PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
        5⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        6⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
        6⤵
        
        PID:17192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10719.exe
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        5⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        5⤵
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
        5⤵
        
        PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
      4⤵
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54690.exe
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        6⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        7⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
        6⤵
        
        PID:13400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        6⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27439.exe
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5868.exe
        5⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
        5⤵
        
        PID:16700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30985.exe
      4⤵
      PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5911.exe
      4⤵
      PID:9420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23805.exe
      4⤵
      PID:12600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40332.exe
      4⤵
      PID:15156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
      4⤵
      PID:7056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24506.exe
        5⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
        6⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37602.exe
        7⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
        7⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52010.exe
        7⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        7⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
        6⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55069.exe
        6⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29346.exe
        6⤵
        
        PID:16824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        6⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        7⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        6⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        6⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
        5⤵
        
        PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
        5⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9149.exe
        5⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
        5⤵
        
        PID:10500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
      4⤵
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56034.exe
        5⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        6⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52966.exe
        6⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        6⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
        6⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19163.exe
        5⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
        6⤵
        
        PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        5⤵
        
        PID:10880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38925.exe
        5⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50670.exe
        5⤵
        
        PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36169.exe
      4⤵
      PID:7920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15698.exe
      4⤵
      PID:8348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
      4⤵
      PID:13244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44585.exe
      4⤵
      PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34895.exe
      4⤵
      PID:13584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42845.exe
      4⤵
      PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        5⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        6⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34697.exe
        7⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        6⤵
        
        PID:15044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19732.exe
        6⤵
        
        PID:17672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        5⤵
        
        PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        5⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        5⤵
        
        PID:724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
        5⤵
        
        PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11192.exe
      4⤵
      PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        5⤵
        
        PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
      4⤵
      PID:8364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
      4⤵
      PID:12936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
      4⤵
      PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
      4⤵
      PID:17464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11240.exe
    3⤵
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
      4⤵
      PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        5⤵
        
        PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
      4⤵
      PID:10468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
      4⤵
      PID:13372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
      4⤵
      PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
      4⤵
      PID:17292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22849.exe
    3⤵
    PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35081.exe
      4⤵
      PID:9368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
    3⤵
    PID:9480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14005.exe
    3⤵
    PID:12548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17666.exe
    3⤵
    PID:14940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60478.exe
    3⤵
    PID:16440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29776.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29776.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54645.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 488
        8⤵
        Program crash
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        8⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        9⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        8⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
        8⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13514.exe
        8⤵
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exe
        7⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
        7⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        7⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
        7⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46986.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        8⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exe
        9⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13002.exe
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
        9⤵
        
        PID:15568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5671.exe
        9⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
        8⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        8⤵
        
        PID:12304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
        8⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        8⤵
        
        PID:16392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        7⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        8⤵
        
        PID:12848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62710.exe
        8⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        7⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34699.exe
        7⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe
        7⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4650.exe
        7⤵
        
        PID:17124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
        6⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31826.exe
        7⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27037.exe
        8⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        8⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5537.exe
        8⤵
        
        PID:16928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
        7⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
        7⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16261.exe
        7⤵
        
        PID:15660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
        7⤵
        
        PID:17028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36169.exe
        6⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15698.exe
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
        6⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        6⤵
        
        PID:16308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        6⤵
        
        PID:17264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40629.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe
        7⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47778.exe
        8⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54071.exe
        9⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        9⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        9⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
        8⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        8⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
        8⤵
        
        PID:15052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45882.exe
        8⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        7⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        8⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exe
        7⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14228.exe
        7⤵
        
        PID:14888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        7⤵
        
        PID:16464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16539.exe
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
        8⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        8⤵
        
        PID:13000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35861.exe
        8⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54547.exe
        8⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13019.exe
        7⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
        7⤵
        
        PID:12776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
        7⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        7⤵
        
        PID:16672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
        6⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        7⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        7⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22065.exe
        7⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        6⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65229.exe
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24693.exe
        6⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        6⤵
        
        PID:16664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19039.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5569.exe
        6⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 212
        7⤵
        Program crash
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
        7⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21228.exe
        6⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
        6⤵
        
        PID:16080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        6⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46721.exe
        5⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64970.exe
        6⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
        7⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37961.exe
        8⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        7⤵
        
        PID:12492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42109.exe
        7⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
        7⤵
        
        PID:16432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
        6⤵
        
        PID:8468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2196.exe
        6⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        6⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2929.exe
        6⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
        6⤵
        
        PID:11336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43942.exe
        6⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20996.exe
        6⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21939.exe
        5⤵
        
        PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-222.exe
        5⤵
        
        PID:12948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50404.exe
        5⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        5⤵
        
        PID:16780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58338.exe
        8⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        9⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        9⤵
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        9⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        9⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
        8⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
        8⤵
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9836.exe
        8⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52692.exe
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
        8⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29762.exe
        8⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        7⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        7⤵
        
        PID:13248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        7⤵
        
        PID:16280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43653.exe
        7⤵
        
        PID:17392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50857.exe
        6⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        7⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
        8⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        8⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
        8⤵
        
        PID:14872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        8⤵
        
        PID:16584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
        7⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63734.exe
        7⤵
        
        PID:14456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43770.exe
        7⤵
        
        PID:16792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40387.exe
        6⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        7⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        7⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
        7⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        6⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
        6⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        6⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
        6⤵
        
        PID:16544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54505.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        6⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        7⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
        7⤵
        
        PID:15528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
        7⤵
        
        PID:17260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
        7⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exe
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        6⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
        6⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
        7⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        7⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        7⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        6⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        6⤵
        
        PID:16096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28447.exe
        6⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35209.exe
        5⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27239.exe
        5⤵
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
        5⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        5⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        5⤵
        
        PID:17240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41506.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        6⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
        7⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        7⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
        7⤵
        
        PID:16232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29083.exe
        7⤵
        
        PID:17476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        6⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exe
        6⤵
        
        PID:11252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        6⤵
        
        PID:17660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        6⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37706.exe
        7⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        7⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
        7⤵
        
        PID:16104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3317.exe
        7⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        6⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65341.exe
        6⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48358.exe
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        6⤵
        
        PID:16496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
        5⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
        5⤵
        
        PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        5⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        5⤵
        
        PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15260.exe
        5⤵
        
        PID:17500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4936
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 632
        5⤵
        Program crash
        
        PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27474.exe
      4⤵
      PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33938.exe
        5⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37652.exe
        6⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        6⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
        6⤵
        
        PID:17200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        5⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        5⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        5⤵
        
        PID:13732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-792.exe
      4⤵
      PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16332.exe
      4⤵
      PID:10908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
      4⤵
      PID:13544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
      4⤵
      PID:7076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:60
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57837.exe
        6⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55733.exe
        7⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        8⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        8⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        8⤵
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        8⤵
        
        PID:16688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-736.exe
        7⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65341.exe
        7⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
        7⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        7⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        6⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23594.exe
        6⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        6⤵
        
        PID:12988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8364.exe
        6⤵
        
        PID:15108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28277.exe
        6⤵
        
        PID:16760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        6⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62765.exe
        7⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        8⤵
        
        PID:13036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
        7⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33172.exe
        7⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        7⤵
        
        PID:16528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24938.exe
        6⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
        6⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
        6⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53489.exe
        6⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
        5⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        6⤵
        
        PID:10952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61046.exe
        6⤵
        
        PID:14412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        6⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15698.exe
        5⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
        5⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        5⤵
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
        5⤵
        
        PID:13996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
        5⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55490.exe
        7⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54294.exe
        7⤵
        
        PID:12928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        7⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        7⤵
        
        PID:16800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        6⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        6⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39309.exe
        6⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28277.exe
        6⤵
        
        PID:16808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
        5⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        6⤵
        
        PID:10668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
        5⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
        5⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        5⤵
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
      4⤵
      PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24514.exe
        5⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
        6⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47190.exe
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        6⤵
        
        PID:15288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52902.exe
        6⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
        5⤵
        
        PID:8372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50821.exe
        5⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2250.exe
        5⤵
        
        PID:16380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19732.exe
        5⤵
        
        PID:17440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
      4⤵
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33599.exe
        5⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
        5⤵
        
        PID:14536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
        5⤵
        
        PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
      4⤵
      PID:8296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25450.exe
      4⤵
      PID:11840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
      4⤵
      PID:14932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21700.exe
      4⤵
      PID:16888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48693.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18834.exe
        5⤵
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63434.exe
        6⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        7⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        7⤵
        
        PID:13480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        7⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
        7⤵
        
        PID:13020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        6⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20109.exe
        6⤵
        
        PID:16832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26933.exe
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39021.exe
        6⤵
        
        PID:13336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exe
        6⤵
        
        PID:16364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29083.exe
        6⤵
        
        PID:17308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8711.exe
        5⤵
        
        PID:9428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
        5⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
        5⤵
        
        PID:14948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26165.exe
        5⤵
        
        PID:16912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64889.exe
      4⤵
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37394.exe
        5⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        6⤵
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
        6⤵
        
        PID:15800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        6⤵
        
        PID:17268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        5⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6908.exe
        5⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        5⤵
        
        PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        5⤵
        
        PID:16552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
      4⤵
      PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
        5⤵
        
        PID:12796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30722.exe
        5⤵
        
        PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33174.exe
        5⤵
        
        PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8992.exe
      4⤵
      PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56076.exe
      4⤵
      PID:12784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
      4⤵
      PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
      4⤵
      PID:4980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
      4⤵
      PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64970.exe
        5⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        6⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        6⤵
        
        PID:12656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        6⤵
        
        PID:15560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28590.exe
        6⤵
        
        PID:17048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        5⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40925.exe
        5⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
        5⤵
        
        PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
      4⤵
      PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46391.exe
        5⤵
        
        PID:10808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        5⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46570.exe
        5⤵
        
        PID:16452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8711.exe
      4⤵
      PID:9488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
      4⤵
      PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
      4⤵
      PID:15628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
      4⤵
      PID:17064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
    3⤵
    PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65354.exe
      4⤵
      PID:6364
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 632
        5⤵
        Program crash
        
        PID:10860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
      4⤵
      PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
      4⤵
      PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
      4⤵
      PID:14512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
      4⤵
      PID:5748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30288.exe
    3⤵
    PID:6560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
      4⤵
      PID:11092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
      4⤵
      PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5729.exe
      4⤵
      PID:6960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6441.exe
    3⤵
    PID:9440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
      4⤵
      PID:10604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19340.exe
    3⤵
    PID:12620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13466.exe
    3⤵
    PID:14756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
    3⤵
    PID:16988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30250.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50146.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19.exe
        6⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
        7⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        8⤵
        
        PID:16576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        7⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52757.exe
        7⤵
        
        PID:13348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
        7⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
        7⤵
        
        PID:17256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        6⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52537.exe
        6⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58454.exe
        6⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24432.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38354.exe
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        7⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        7⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41917.exe
        7⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        7⤵
        
        PID:16732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52905.exe
        6⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        6⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        6⤵
        
        PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25693.exe
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29250.exe
        6⤵
        
        PID:15168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7649.exe
        6⤵
        
        PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14576.exe
        5⤵
        
        PID:9472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40341.exe
        5⤵
        
        PID:12592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23266.exe
        5⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        5⤵
        
        PID:16716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
        5⤵
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        6⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        7⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
        7⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        7⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        7⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7100.exe
        6⤵
        
        PID:12260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        6⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59229.exe
        6⤵
        
        PID:17136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        5⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
        6⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
        6⤵
        
        PID:16952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        5⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10386.exe
        5⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
        5⤵
        
        PID:14992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4650.exe
        5⤵
        
        PID:16520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28955.exe
        5⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        5⤵
        
        PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35851.exe
        5⤵
        
        PID:13084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16641.exe
        5⤵
        
        PID:15804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28085.exe
        5⤵
        
        PID:16532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6179.exe
      4⤵
      PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53111.exe
        5⤵
        
        PID:11424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        5⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63006.exe
        5⤵
        
        PID:8424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47328.exe
      4⤵
      PID:8996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
      4⤵
      PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
      4⤵
      PID:14816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
      4⤵
      PID:7112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43056.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17682.exe
        5⤵
        Executes dropped EXE
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        6⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
        7⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
        8⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
        8⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        7⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
        7⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        7⤵
        
        PID:16724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
        6⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7559.exe
        6⤵
        
        PID:10972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        6⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
        5⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25756.exe
        6⤵
        
        PID:13308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56822.exe
        6⤵
        
        PID:16248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        6⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
        5⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        6⤵
        
        PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        5⤵
        
        PID:10204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1265.exe
        5⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
        5⤵
        
        PID:16852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
      4⤵
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60533.exe
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        6⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        6⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54401.exe
        7⤵
        
        PID:15364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17505.exe
        6⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35419.exe
        6⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
        6⤵
        
        PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23408.exe
        5⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48976.exe
        5⤵
        
        PID:11080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        5⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        5⤵
        
        PID:7316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
      4⤵
      PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
        5⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12776.exe
        6⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        5⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52010.exe
        5⤵
        
        PID:13216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43390.exe
        5⤵
        
        PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59620.exe
      4⤵
      PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34505.exe
        5⤵
        
        PID:9352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45634.exe
      4⤵
      PID:11400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32674.exe
      4⤵
      PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
      4⤵
      PID:16940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32373.exe
      4⤵
      PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55157.exe
        5⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        6⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 464
        7⤵
        Program crash
        
        PID:10796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34890.exe
        6⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52010.exe
        6⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18693.exe
        6⤵
        
        PID:15224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49010.exe
        5⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        5⤵
        
        PID:16208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40423.exe
        5⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
        5⤵
        
        PID:13032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        5⤵
        
        PID:16508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
      4⤵
      PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
      4⤵
      PID:12816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15764.exe
      4⤵
      PID:15584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exe
      4⤵
      PID:17176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42196.exe
    3⤵
    PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61021.exe
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
        5⤵
        
        PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        5⤵
        
        PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        5⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
        5⤵
        
        PID:16608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50217.exe
      4⤵
      PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65312.exe
      4⤵
      PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
      4⤵
      PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
      4⤵
      PID:7096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe
    3⤵
    PID:6996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49709.exe
      4⤵
      PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
      4⤵
      PID:13300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
      4⤵
      PID:16260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
      4⤵
      PID:17188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5520.exe
    3⤵
    PID:9236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40871.exe
    3⤵
    PID:12572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
    3⤵
    PID:14916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
    3⤵
    PID:16896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59756.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59756.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49269.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
        5⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54690.exe
        6⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60163.exe
        7⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1932.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51558.exe
        7⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43091.exe
        6⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        7⤵
        
        PID:18008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
        7⤵
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        6⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        6⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        6⤵
        
        PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        6⤵
        
        PID:11660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        6⤵
        
        PID:228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63006.exe
        6⤵
        
        PID:17184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10719.exe
        5⤵
        
        PID:9068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        5⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        5⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
        5⤵
        
        PID:17508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28955.exe
        5⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        6⤵
        
        PID:12148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45094.exe
        6⤵
        
        PID:14448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
        6⤵
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        5⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
        5⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        5⤵
        
        PID:15648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
        5⤵
        
        PID:17072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41347.exe
      4⤵
      PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31873.exe
      4⤵
      PID:9288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
      4⤵
      PID:12508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
      4⤵
      PID:208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
      4⤵
      PID:16680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28142.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
      4⤵
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46522.exe
        5⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        6⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
        7⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
        7⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63565.exe
        7⤵
        
        PID:17612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
        6⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26244.exe
        6⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42814.exe
        6⤵
        
        PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43091.exe
        5⤵
        
        PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6908.exe
        5⤵
        
        PID:12000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
        5⤵
        
        PID:12020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
        5⤵
        
        PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
      4⤵
      PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        5⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        5⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48682.exe
        5⤵
        
        PID:7448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
      4⤵
      PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
      4⤵
      PID:12828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
      4⤵
      PID:15204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54871.exe
      4⤵
      PID:16516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
    3⤵
    PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
      4⤵
      PID:7196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
      4⤵
      PID:9996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17028.exe
      4⤵
      PID:14860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
      4⤵
      PID:16708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe
    3⤵
    PID:7868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36809.exe
      4⤵
      PID:6608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27336.exe
    3⤵
    PID:11116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49740.exe
    3⤵
    PID:3492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62733.exe
    3⤵
    PID:5676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17474.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
      4⤵
      PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15033.exe
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21045.exe
        6⤵
        
        PID:12788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42986.exe
        6⤵
        
        PID:15356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2165.exe
        6⤵
        
        PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58681.exe
        5⤵
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49010.exe
        5⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
        5⤵
        
        PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28763.exe
      4⤵
      PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
        5⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        5⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
        5⤵
        
        PID:17284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
      4⤵
      PID:9812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
      4⤵
      PID:13060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
      4⤵
      PID:15532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
      4⤵
      PID:17056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
    3⤵
    PID:516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65354.exe
      4⤵
      PID:6344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 720
        5⤵
        Program crash
        
        PID:10820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8027.exe
      4⤵
      PID:8460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
      4⤵
      PID:6800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
      4⤵
      PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
      4⤵
      PID:4924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-314.exe
    3⤵
    PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-145.exe
      4⤵
      PID:11048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33749.exe
      4⤵
      PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34068.exe
      4⤵
      PID:1532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
    3⤵
    PID:8968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
    3⤵
    PID:13464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
    3⤵
    PID:14732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39188.exe
    3⤵
    PID:7696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
    3⤵
    PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
      4⤵
      PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
        5⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29339.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
        5⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
        5⤵
        
        PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
      4⤵
      PID:8448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26124.exe
      4⤵
      PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
      4⤵
      PID:14664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
      4⤵
      PID:16480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
    3⤵
    PID:6148
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 644
      4⤵
      Program crash
      PID:8776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
    3⤵
    PID:9040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
    3⤵
    PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
    3⤵
    PID:316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20152.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20152.exe
    3⤵
    PID:12884
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28114.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28114.exe
  2⤵
  PID:4792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
    3⤵
    PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48996.exe
      4⤵
      PID:7932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30402.exe
      4⤵
      PID:15736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
      4⤵
      PID:17036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
    3⤵
    PID:9248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49006.exe
    3⤵
    PID:12752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
    3⤵
    PID:15668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
    3⤵
    PID:17104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe
  2⤵
  PID:7148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52787.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52787.exe
  2⤵
  PID:8600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9845.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9845.exe
  2⤵
  PID:12808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
  2⤵
  PID:15320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
  2⤵
  PID:16644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4664 -ip 4664
1⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5448 -ip 5448
1⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4936 -ip 4936
1⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6796 -ip 6796
1⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6796 -ip 6796
1⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 7932 -ip 7932
1⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6344 -ip 6344
1⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6364 -ip 6364
1⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 8172 -ip 8172
1⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 6260 -ip 6260
1⤵
PID:2080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6260 -ip 6260
1⤵
PID:14852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe

Filesize
184KB

MD5
5e527dd819a6ab1d1e2602d0cda571ba

SHA1
cb03cdfc250f80eb7586d646b53078c1c3de778d

SHA256
32aa621fdf78a4d7c47cd0a460988b0dd53fb73d6feca5b95e367036b2463c78

SHA512
d53cb5543189e44c7ff95ebb6d7c95006a718feca44528a19c24f9b2db51127f148cef94a1c8cc7406652f95b247c98032a6ff4f2a4f5ddea88e5c16c02ccb93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe

Filesize
184KB

MD5
1d43d794f74c7d0bdc031a25ba6bfc0a

SHA1
7fbfb466fe33297bc1fd8466c0b8ccad83cd3389

SHA256
6d049cfd0a68198ca2615ddec94a0ac67e4a7502bb8dacbc130c744b874ccc74

SHA512
a2073a7ff5a77cafc4a017f402ef52e860349da344ac6029f05258f3221798341e47bb737934f5338e6d0685aaa630c259f755be2abff1fbd9af1d88be1f1c97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe

Filesize
184KB

MD5
30cf19f20d9da6d2476e92dc085b68d1

SHA1
a3be2e8c54af93d0c062633ccf00bb4a4b76e7e1

SHA256
74f76b83e3aa18afbe989171c84343310aa45bc19be4b82d6d003368421ff358

SHA512
c5de76639244dac5f1f92e07b11fa5c877d576fd1d735a1271cf6cdb16615b28d22d2bab72287cfb3c78dcd77163591f6241fb91c1da0c4be1703eb56dba8297

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe

Filesize
184KB

MD5
4e1559baccad73ef84e2422dc92448d3

SHA1
4620f4394319c209c18da865b60505ae98fdddda

SHA256
9a9de402d292391f78f2de96bb34806796f46f760d8d5b88a1c9a8fa2a2c32fe

SHA512
4e373f44af524290dc7339ef7bbbc0d5f7baf523602943d9465f4afe0a79981a3f34768c15ac55646ecd42ed82d8a19d1f87968bc977034bd29a5400ec3f1d59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe

Filesize
184KB

MD5
09a084c5b99a7c04c9df10e32333a2db

SHA1
6c900a50070314dcd594559ae814a334acb18852

SHA256
6bf9d1f3f4adfdd3ad3edde400fecbe5e6110858d6341f226027f33906634662

SHA512
c5d35669adf14962d3ca1a8513b727eb1744af0e9a4b3c4db8ea8f470a5ff705d42f7fc2a5705ba5cd2d553d7cf385d9710a7020ffe5c3b9ba06f1b77b63209b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe

Filesize
184KB

MD5
3dd04b669fef999a9a805180a554510f

SHA1
238e29eaf60340b1a82352ebd55ca85198d66f87

SHA256
3853bdee62d5e8a3bcfb43a6fc6b9e0216ee860aef02f2358c15be426ba8097a

SHA512
907373e1191a814734053787cac4e554f0888e8b4621925ce3aa295bd9fd5298affe1b1713e54e168a692ecf662c13ac4a9a60aa8005174c80983b345cc8b36e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe

Filesize
184KB

MD5
30d461bee67799eabd779d0e3cb80b3e

SHA1
a89233ca5552d49f3b5e783a649b3e1ab3c29d9d

SHA256
42a7ced206d13de439bf6d0271f6a7f3b2f3a0aa4e990f93122c88ef7d262fbc

SHA512
43160fc774328eb701a148ec17fca2772e8a1daa0d6f84b9a7bfdbaeb354409880efc1348355d2382fe0d997b2fe1f3fb7da526ab50e8c32fe69a0eba35e151a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe

Filesize
184KB

MD5
cf64282314ab991305a25c6c2201f3f0

SHA1
db76f313aa0d281fa1998a6c8014269655aedcd8

SHA256
7131896dbd3d649372169bcca354e7e0bd1cb518bbf57e0e982488703d574d47

SHA512
8482ae497951ff7cc7cbb4d10b1961588db3a3813fe05ea6e8246811e2a7bf16b591a3a69b35035988a1b7b7be9de6477553427761e6eb60a8530e58723147c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20384.exe

Filesize
184KB

MD5
3f911aad4bb86b4ed9174b25995eeb98

SHA1
1765917cd0dabadcb6fa68b59b6ef46298dc3381

SHA256
09a6ae73eeb59bbb9e45c5a640ac8b7a8f90169a5f4b80d5873a6efd38a9a370

SHA512
9d97c579c6b3a153676e8011d248c0365d1cb46748b459ffbc2133280a4bc0e8c5298d579ff9e5e30af4a57015d36fc199a34f7becbcc74e5fc404b703015536

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe

Filesize
184KB

MD5
d91dc48e17d3f4115a21890b1b987378

SHA1
556d89e4ad8849780820242f7b11fd2148c67a24

SHA256
a155d5128130dd1c0a3af7cdd6bc785e7f6ef6e99730de397aadd63a863a81b2

SHA512
5af4f4c36d160deed4a480d54112ad2b651cff8ca7cb5a713fd87c71c2b93502245a657a48a0908a9e3d8f813fc9a12bbdd84efbebb5764d2f4e953a6c58bc1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe

Filesize
184KB

MD5
5a3a12ec288db59485665bc38647a491

SHA1
fb5575cc81d6014b87b16c2f4501e3c17edd7176

SHA256
de52d1316ec6a0e7ffea54ad6343a9e27db140685ff860b9306fcf21f779c33c

SHA512
5337c11cbebede8081b262a26a810f5659cdb28bab87a569f9f94cbf5ffaf976762c9769c80fec0536216e60fec11e75ef5c284c614fd2c46acb6efd16e9d539

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe

Filesize
184KB

MD5
57a0147b27fd5143777780ad7ba6e9b4

SHA1
281512efcf1babbff483b0a2712420bbd705a7a2

SHA256
57c9fc767b3d7661f4a60e09effd81ee7a15ea8c4a81866156e4651ca62c8138

SHA512
abe450d824f7fccb015a828af435d404d88d2c0877f7c8371151e5eadfde694e7c247fd4d0547e756a9cdb78c4071769edf36b5357fe39c438dd5423d959ce65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29776.exe

Filesize
184KB

MD5
93cfc45c1ac83a88f176c0c22a9fab2d

SHA1
cb3ef3f5ef8b456a357419982ad04dfc57a512b6

SHA256
be24ce7ea34a1b2fad3bec7c030828cdb1c9b5ac6696cd11c497943dda54cd82

SHA512
cac5a24107cce2986688ecded45988beda3b04ea9f539cb89db53f42cf899d6099ff038280f5ecee80f44ec6566a0005cbbe1bcae780c185dbf3e4af326ea105

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30250.exe

Filesize
184KB

MD5
41b3251fdd1483327050141e2fc2fa14

SHA1
bb7b99ad78858e0d5e41a0d4ab2c3f17ac81e237

SHA256
78d78ed1ef4ccccb46963fbb5d6684c68ed2a469dbc5d121ffe483929c6ef846

SHA512
18863e67ca899ac95c5d65c933a63a150bb2e96230f62624471b753285b3b4764579ef69c5fc10a900463e33ef4bb7191aba1a10e3e90792a25c4d7fc7b7fabb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31480.exe

Filesize
184KB

MD5
553e0d9b156281adb3e2aed02283a651

SHA1
0c0dea526215732fd78427f77565ea60993f1351

SHA256
3fc5f13afe76a599945e1d27738de9d9cd780e65f0db377c1cd2cd6557789e36

SHA512
55a5effc7477b77368b88952137bc54274bf761cf3538f39aacf1725e538b5d735e92a1f6acee49396e00954bd58cc6c0f1a99000cca808c4ee09d95f633091d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe

Filesize
184KB

MD5
bc0f57bc6975ee6910f3cee74b6b225b

SHA1
890e46f1e1f6677bc0b488849709a876e5d0569e

SHA256
6ed3aef09b45999e8cd6bfd6d7af9f6e8eb70605ef3e1734e01ee1e75406bf62

SHA512
709d3b60e1a9ae489b39259ba7da31dc8fe174677b856d2b073246da3def8c3165f491e1e94fb5a8b3a9f58ff679feaa82da35ee62d5a4b397cfd9246e494af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe

Filesize
184KB

MD5
8041d47d513a269b2b3eff41827c43d6

SHA1
a3d6c3b391f85f2a112308ea334a78a13baa5814

SHA256
c72f57975ec6b01986d0298e0ead1a345042fbd2fc780ba909806551cb7894f5

SHA512
51a36f0994bbe6acec2514c29613f19d183e63050208c126e6dcc156a2c0a1f0d71b6e2929ea2d179bb71aaa1c99e9e4f37615d466caefb713bdfc8c4d331752

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe

Filesize
184KB

MD5
46b8bd1a1d19c40885b286cdbd261058

SHA1
acc835a4836d0879151b01f80197a859785730b3

SHA256
dc8f373b8636bed32e3bc7cbecdb640eeefa3116270e2921f0fcf93a97392290

SHA512
bb57e7da490544674a88773edae41ba1b395d5ec5052db828cf70c0928dda9b001d4557fb2d13398f64bc3e3bab3e2675b54fd3926788ac69a7d964847c2166a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe

Filesize
184KB

MD5
ab5068a318d6c1a8f8b1e83e50e61c6e

SHA1
ffe809457d88fcab1a387deaccd6d72a371f6f80

SHA256
2ef067f7a9eae59dc4e70de19faa4e4aaec25be94d5c32339cf70de9939a2cfc

SHA512
62358cf5d49c8853aafcd024acda66f7e908909909e0968f57b0f48e7ec68ab7ab8ea7ee352eccc50583306661bd660296825f37e56e1b37c6808b8b8872cf3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38034.exe

Filesize
184KB

MD5
e7ff6b1649ed5da4a9a896a64269baaa

SHA1
bf43f85d7dfd207f39be5278e4e9052a7fef8f85

SHA256
9a7c6ceaaa090928a93ef639de5110bb881d992fddbaf7ae7fbe0207e3e37b38

SHA512
4d3acf33cba2dd5b7b382c43f78998cc52fecfb66c23d6a03701c398ae562e3b408bb693635af1ec28d84836b5528df80451dcf36506763266ce6dd594760f6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe

Filesize
184KB

MD5
b5b20dc1e105225ce2127ff485275547

SHA1
3bc632ae73f67dd4f5022e313313f5b0893199b6

SHA256
d0e5e1ad5491f150805cd9b8d099c486c2a4193101f22470b64dc38aeff9be9a

SHA512
7c94cf5c32a25a444d2dff64ab79aa37d96001564b1420cd958f60fecbe758d47ea01acd0bfec26de19288da4ac97fa2b712efa1da959535cf06cb73319e3863

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe

Filesize
184KB

MD5
4a3b7c8b59d652e4ff9f6eb2bc45fd6c

SHA1
4f9b1f4a9d6d6706a3973b792503c5fc6ad0f228

SHA256
50ced3a6ab55e37e731fa86d65f8e8f4a5c740d885d0f449da59879621471958

SHA512
cfbd774203a165995cefc6e26a918e5e73aeabe03eca62328e2556d742c52d7bf4c5402d4a04093dec52fdc356b32d069d35ea1a35273bc88ba4577382405f37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43056.exe

Filesize
184KB

MD5
b061dfd93ed8e08ed7ec5df7ceb57394

SHA1
b359d5235001dcec8a8503537d1f7a7057ed23fd

SHA256
e55fda3374e7c590cd1a8d0aadef8c669b4ae2a88e7762ece68cfb44fa81a8b4

SHA512
5febf39b22396c04fcfa698a8cf1c33e8e8cb96e85a57b7c1785000de3d1ed7375c2993b47a3dcebbd0343611b7236fb22ae1c5b40425e22f15bad8c74231465

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-441.exe

Filesize
184KB

MD5
777cfc622318a6fe54317681f8d3b528

SHA1
8312fa260495de7d593723c7debbeef0e010a1e4

SHA256
a098c13ddd2da4b3153f9a14ea858e64405154bff97ac430c5f54c1b2a9a8503

SHA512
508febd5d6d2f5cfa71479e9cc0c73b99e43e0dcc2732ded00d3926effbe28c913677d294e0a0969d0f695a1bb23d37feddb2fc0637f8e2b622282c97174536f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-492.exe

Filesize
184KB

MD5
2646a7c9d3711358e888bf8f46ec3cf8

SHA1
4bfc88dd4ccb5ba181a8d47466c6dda22662ab49

SHA256
f60f71cc05647b3743d8cb2764485c1a5315d29f104f8a151a7434e1ba80db3d

SHA512
ade605be55f3a74e05dc40f3b2464c3334ed4d8ec4e3ca9b9b705aa632e1dd4f8d5469bd327a6ae6867fec12e2396769917eca9031250d14084ec00cd8dd6166

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53301.exe

Filesize
184KB

MD5
261b96519acd036cd86175c6b60eaccf

SHA1
ef292274ecb2fc49f7206274225e7b118ced0000

SHA256
20d7f6a2a94ad01e5d105fe906e3c8d2f0173bf9d84eddb35f0afb0a677c5c83

SHA512
56f3f8574c032dff6a73c6340da967f6267d4b87ede8d44f0b7a8c8d7ce8410a845f59e092e398b54fa49b00cb86f144b9b13b93d55655f164d9228378c515f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe

Filesize
184KB

MD5
87013020b74bc30e8390d17459fdebcc

SHA1
fcb3024469947f16a400e485c8bb19f1c6b87d7f

SHA256
daf62a82dee2750a801bb01f6d2d732124cf8a55a34cb3384a0b125d555b9f34

SHA512
9d0c34c679e3e5af273f719d677e4f2f0d0cf26a8e58d9fcba7bd0a3479157d203b11433e297b0333f5e6341875b8ccc273296adf582102721741673c46c70cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5463.exe

Filesize
184KB

MD5
e71f213b9e83dc7c79673cc0dd72310f

SHA1
597ad31d0780c79b0fc8c19a8b0f241fad2725ce

SHA256
8060bfac50c370ad8372a023283366e3db06178596e0e55a11cf325f6e116902

SHA512
a26f2a07a250872da648190bd90d89455d520a4e3e1b418bbd863d9a4ad1e170b81c5ed79e286efdd906f24ea7aeef9dec1139380e3dd4dd8b2702672984b637

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54645.exe

Filesize
184KB

MD5
890a2ded45f1355927d9163f17b44e98

SHA1
2ab351b9fd02e4b6a63083f63d25573a547162cc

SHA256
0c0ecb8940baccc88a75447dcf203dc893d6ddec1a3b517ac87bb7fc8e25c4c2

SHA512
4d781b86a8e542fd3c9891c8e60b486df102a90ecef68812d27398344215cd8d8b0a54b09d3ae0586802d4bed1806fc24f7310e4f4d31b3cea08a7c72e287d0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe

Filesize
184KB

MD5
4ffde896d051bf0f2f0a858911444d10

SHA1
75b25ee0e02f1bacbb72f29aa5159e79a00960e7

SHA256
35d83fabac37093b046773c265d73a5e9bbf63df46573a5a7d298f7997fd3fe5

SHA512
ceb4b9418667d64eda5ab4e6e3ea9ad4a3d7612cd9c4a399be1884b47bc6416fd83438e83eb1133540f6053eccae3b033f2c12f663935b53776af53c53302d7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58205.exe

Filesize
184KB

MD5
58f92598817ec430f034cc5efdce77ed

SHA1
faed921b484a8c75b9417f27c51ca7bab51a456e

SHA256
0e180f3cee278c9973d7693879e70a2a0891416b53ef1d42860e8fadd90095a6

SHA512
e53e644381b5bb5c99cc5efa5eee6f0fe86e8180de690f60ad3dadf99754f386e0a5a4331aad510985bf97cc7d6d3dd53a152dfecd971788eaf689a722dbe8a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe

Filesize
184KB

MD5
9fa0780a4ee5142a92c010ec358fc031

SHA1
b7b20b9d3d4b0af4a1ba695ef5d4dcdf84c37399

SHA256
4a35c711d7c806c40b361b0f03fe463f6fb6403e12ea370f094bc89e63d1e9ea

SHA512
e6a9e483b42840e7981f8ac6a268b108b32fb0bf3005e62f16615f1b5eca7792379ed81c15c24ab3d64076adc3c521e3b9f6c08dde247d0d3770e301c3fb8e91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe

Filesize
184KB

MD5
b546d6d000768a95903ec5238e8800d8

SHA1
1262ea59268d1adfad7a695cbb93ec1efb2982df

SHA256
e9bdec7fb959371799957ab2524e8ea6466b12e8a71dc508d2068bc14da7433b

SHA512
7523adc95c770ae89abbbee45df2c4b7bdbbaa3ed5ecdddca38cd8ceb03b92fd1b487dabd9d00a7a0ad9d2620bcbf167c58d6ef10dc2d9ab0efb91e2afed3f1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59756.exe

Filesize
184KB

MD5
2dfcbd541e797d5107900f617567a13e

SHA1
eb226c927852b96f6d95c5f1a111df5aea18f77f

SHA256
fdc06b752d1023c27dae1fdc70f1678943f5e94a66c0b86c456783788e9b3081

SHA512
ef324e8749435293c6a556c83e5e5a745445c5e9bf8987640e46b4e1ae3de3b2794c61ff90a19e95d866732c38cd05e125ee5719edb90ebd06f00b2a8a907a38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62765.exe

Filesize
184KB

MD5
672a19e96079593072b7519487cac574

SHA1
651868a734a9bb14139e6126396a9021ea486be5

SHA256
e7159687be127ae7f6285ebe433c92d0312bff9583e6e7f31748184a9d239b33

SHA512
aa6742d7e263bf8949d0cae44fcdd0186aa3073d5f517ac648a63867a57fbf36cb5472dcd22c15793023ea5929975bd83732a0a6483c770559a6f256e1815dbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe

Filesize
184KB

MD5
d63f349114d28fbf40d59ffd3eb5eb6b

SHA1
eb6b5b76c93d18b71ba4165d61e9bee5de434afa

SHA256
1aa1cd16a3188b31ed1c79e45a118016f846b42dff65b18c89b80127e7df9930

SHA512
d321916a22377a24c53602a3139216d62b5e4f2aa5dfca0332c9beb2e362f94dce31245baca5f035326d0df993a921c64c431cdaf59b393cc6c43579e8910de8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe

Filesize
184KB

MD5
93644bc18ef272cb98d81c083fc253a5

SHA1
9635c56270613c8491f45b2637913f2f67ccb839

SHA256
c1b8f1a75d8d262c0771faa1dd8da3eedc2112dab3cf9e728b0e732febfae798

SHA512
50930deacbca2622e9ec457a9a68f47ab27d10e1c85dc265d8c2971bfd32c860caa40bb3894c96b78f831a9f4671e105ad261df028c9eb58163a2de61cf7b92e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads