bab3383a1b7192d6885c45a1f386e94a7083c55a5082312631aa4caf60a2e67c

Analysis

max time kernel
149s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 01:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bab3383a1b7192d6885c45a1f386e94a7083c55a5082312631aa4caf60a2e67c.exe
Size

192KB
MD5

b2bd98257ed4ca8707860ddfa7c36798
SHA1

c467d62ffa43905d0707c3e7116c1dc02242b431
SHA256

bab3383a1b7192d6885c45a1f386e94a7083c55a5082312631aa4caf60a2e67c
SHA512

274ead81610c1231812c459a191ed167e73505995a80b5dbed3f33991f88b51192cd067fd5919138bb247bad9f83ba01313ad69ee93bb6594a0d69603c3c53ca
SSDEEP

3072:td8goLhCkDiVDYXMdfX368zz/mt6DaLDkjaxsCiUmNwPvxFB:tdHonWVDpdP368Wni9NwPvxF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
5000	Unicorn-7315.exe
2668	Unicorn-10032.exe
4300	Unicorn-5818.exe
4584	Unicorn-38004.exe
4504	Unicorn-35735.exe
3384	Unicorn-55793.exe
3680	Unicorn-12659.exe
1324	Unicorn-45908.exe
1480	Unicorn-26042.exe
3036	Unicorn-40759.exe
2956	Unicorn-40378.exe
4568	Unicorn-30068.exe
3080	Unicorn-43450.exe
4980	Unicorn-43031.exe
4112	Unicorn-12496.exe
3460	Unicorn-12496.exe
4364	Unicorn-40954.exe
1040	Unicorn-39508.exe
1008	Unicorn-2227.exe
4872	Unicorn-151.exe
5084	Unicorn-16151.exe
2140	Unicorn-16151.exe
1484	Unicorn-883.exe
3792	Unicorn-14074.exe
1744	Unicorn-19991.exe
4532	Unicorn-19991.exe
2764	Unicorn-14266.exe
2936	Unicorn-50395.exe
744	Unicorn-54612.exe
2392	Unicorn-20605.exe
5024	Unicorn-47700.exe
968	Unicorn-65489.exe
1432	Unicorn-45624.exe
1664	Unicorn-17524.exe
3128	Unicorn-48696.exe
4080	Unicorn-25905.exe
4380	Unicorn-22266.exe
4320	Unicorn-42132.exe
3804	Unicorn-26865.exe
724	Unicorn-8317.exe
880	Unicorn-43319.exe
2628	Unicorn-41373.exe
2152	Unicorn-61239.exe
4248	Unicorn-46164.exe
3024	Unicorn-25329.exe
1464	Unicorn-35639.exe
3088	Unicorn-5235.exe
4764	Unicorn-16663.exe
4968	Unicorn-47067.exe
1524	Unicorn-34644.exe
1228	Unicorn-29495.exe
1860	Unicorn-49361.exe
2264	Unicorn-32916.exe
1168	Unicorn-52350.exe
3040	Unicorn-9008.exe
3116	Unicorn-53144.exe
2232	Unicorn-3834.exe
2384	Unicorn-23700.exe
2700	Unicorn-7674.exe
3756	Unicorn-58484.exe
4996	Unicorn-24119.exe
4260	Unicorn-26964.exe
4924	Unicorn-50036.exe
1652	Unicorn-17748.exe

Program crash 14 IoCs

pid	pid_target	Process	procid_target
6592	1484	WerFault.exe	187
3516	6744	WerFault.exe	315
3268	2116	WerFault.exe	530
4532	4728	WerFault.exe	620
4352	4820	WerFault.exe	760
3752	2752	WerFault.exe	788
1484	2368	WerFault.exe	791
1264	5280	WerFault.exe	790
3852	5948	WerFault.exe	797
5412	6784	WerFault.exe	799
5344	1668	WerFault.exe	856
6096	3844	WerFault.exe
3460	6212	WerFault.exe
4348	1108	WerFault.exe	379

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3932	bab3383a1b7192d6885c45a1f386e94a7083c55a5082312631aa4caf60a2e67c.exe
5000	Unicorn-7315.exe
2668	Unicorn-10032.exe
4300	Unicorn-5818.exe
4584	Unicorn-38004.exe
4504	Unicorn-35735.exe
3384	Unicorn-55793.exe
3680	Unicorn-12659.exe
1324	Unicorn-45908.exe
1480	Unicorn-26042.exe
3036	Unicorn-40759.exe
2956	Unicorn-40378.exe
4568	Unicorn-30068.exe
3080	Unicorn-43450.exe
4980	Unicorn-43031.exe
3460	Unicorn-12496.exe
4112	Unicorn-12496.exe
4364	Unicorn-40954.exe
1040	Unicorn-39508.exe
1008	Unicorn-2227.exe
4872	Unicorn-151.exe
5084	Unicorn-16151.exe
2140	Unicorn-16151.exe
4532	Unicorn-19991.exe
1484	Unicorn-883.exe
1744	Unicorn-19991.exe
3792	Unicorn-14074.exe
2764	Unicorn-14266.exe
2936	Unicorn-50395.exe
744	Unicorn-54612.exe
2392	Unicorn-20605.exe
5024	Unicorn-47700.exe
968	Unicorn-65489.exe
1432	Unicorn-45624.exe
1664	Unicorn-17524.exe
3128	Unicorn-48696.exe
4080	Unicorn-25905.exe
4320	Unicorn-42132.exe
4380	Unicorn-22266.exe
724	Unicorn-8317.exe
3804	Unicorn-26865.exe
2628	Unicorn-41373.exe
2152	Unicorn-61239.exe
880	Unicorn-43319.exe
4248	Unicorn-46164.exe
3024	Unicorn-25329.exe
1464	Unicorn-35639.exe
3088	Unicorn-5235.exe
4764	Unicorn-16663.exe
4968	Unicorn-47067.exe
1524	Unicorn-34644.exe
1228	Unicorn-29495.exe
1860	Unicorn-49361.exe
2264	Unicorn-32916.exe
1168	Unicorn-52350.exe
3040	Unicorn-9008.exe
3116	Unicorn-53144.exe
2384	Unicorn-23700.exe
2232	Unicorn-3834.exe
2700	Unicorn-7674.exe
4996	Unicorn-24119.exe
3756	Unicorn-58484.exe
4260	Unicorn-26964.exe
4924	Unicorn-50036.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 5000	3932	bab3383a1b7192d6885c45a1f386e94a7083c55a5082312631aa4caf60a2e67c.exe	81
PID 3932 wrote to memory of 5000	3932	bab3383a1b7192d6885c45a1f386e94a7083c55a5082312631aa4caf60a2e67c.exe	81
PID 3932 wrote to memory of 5000	3932	bab3383a1b7192d6885c45a1f386e94a7083c55a5082312631aa4caf60a2e67c.exe	81
PID 5000 wrote to memory of 2668	5000	Unicorn-7315.exe	82
PID 5000 wrote to memory of 2668	5000	Unicorn-7315.exe	82
PID 5000 wrote to memory of 2668	5000	Unicorn-7315.exe	82
PID 3932 wrote to memory of 4300	3932	bab3383a1b7192d6885c45a1f386e94a7083c55a5082312631aa4caf60a2e67c.exe	83
PID 3932 wrote to memory of 4300	3932	bab3383a1b7192d6885c45a1f386e94a7083c55a5082312631aa4caf60a2e67c.exe	83
PID 3932 wrote to memory of 4300	3932	bab3383a1b7192d6885c45a1f386e94a7083c55a5082312631aa4caf60a2e67c.exe	83
PID 2668 wrote to memory of 4584	2668	Unicorn-10032.exe	84
PID 2668 wrote to memory of 4584	2668	Unicorn-10032.exe	84
PID 2668 wrote to memory of 4584	2668	Unicorn-10032.exe	84
PID 5000 wrote to memory of 4504	5000	Unicorn-7315.exe	85
PID 5000 wrote to memory of 4504	5000	Unicorn-7315.exe	85
PID 5000 wrote to memory of 4504	5000	Unicorn-7315.exe	85
PID 4300 wrote to memory of 3384	4300	Unicorn-5818.exe	86
PID 4300 wrote to memory of 3384	4300	Unicorn-5818.exe	86
PID 4300 wrote to memory of 3384	4300	Unicorn-5818.exe	86
PID 4584 wrote to memory of 3680	4584	Unicorn-38004.exe	87
PID 4584 wrote to memory of 3680	4584	Unicorn-38004.exe	87
PID 4584 wrote to memory of 3680	4584	Unicorn-38004.exe	87
PID 2668 wrote to memory of 1480	2668	Unicorn-10032.exe	88
PID 2668 wrote to memory of 1480	2668	Unicorn-10032.exe	88
PID 2668 wrote to memory of 1480	2668	Unicorn-10032.exe	88
PID 4504 wrote to memory of 1324	4504	Unicorn-35735.exe	89
PID 4504 wrote to memory of 1324	4504	Unicorn-35735.exe	89
PID 4504 wrote to memory of 1324	4504	Unicorn-35735.exe	89
PID 4300 wrote to memory of 3036	4300	Unicorn-5818.exe	90
PID 4300 wrote to memory of 3036	4300	Unicorn-5818.exe	90
PID 4300 wrote to memory of 3036	4300	Unicorn-5818.exe	90
PID 3384 wrote to memory of 2956	3384	Unicorn-55793.exe	91
PID 3384 wrote to memory of 2956	3384	Unicorn-55793.exe	91
PID 3384 wrote to memory of 2956	3384	Unicorn-55793.exe	91
PID 3680 wrote to memory of 4568	3680	Unicorn-12659.exe	92
PID 3680 wrote to memory of 4568	3680	Unicorn-12659.exe	92
PID 3680 wrote to memory of 4568	3680	Unicorn-12659.exe	92
PID 4584 wrote to memory of 3080	4584	Unicorn-38004.exe	93
PID 4584 wrote to memory of 3080	4584	Unicorn-38004.exe	93
PID 4584 wrote to memory of 3080	4584	Unicorn-38004.exe	93
PID 1324 wrote to memory of 4980	1324	Unicorn-45908.exe	94
PID 1324 wrote to memory of 4980	1324	Unicorn-45908.exe	94
PID 1324 wrote to memory of 4980	1324	Unicorn-45908.exe	94
PID 3036 wrote to memory of 4112	3036	Unicorn-40759.exe	95
PID 3036 wrote to memory of 4112	3036	Unicorn-40759.exe	95
PID 3036 wrote to memory of 4112	3036	Unicorn-40759.exe	95
PID 1480 wrote to memory of 3460	1480	Unicorn-26042.exe	96
PID 1480 wrote to memory of 3460	1480	Unicorn-26042.exe	96
PID 1480 wrote to memory of 3460	1480	Unicorn-26042.exe	96
PID 4504 wrote to memory of 4364	4504	Unicorn-35735.exe	97
PID 4504 wrote to memory of 4364	4504	Unicorn-35735.exe	97
PID 4504 wrote to memory of 4364	4504	Unicorn-35735.exe	97
PID 2956 wrote to memory of 1040	2956	Unicorn-40378.exe	98
PID 2956 wrote to memory of 1040	2956	Unicorn-40378.exe	98
PID 2956 wrote to memory of 1040	2956	Unicorn-40378.exe	98
PID 4568 wrote to memory of 1008	4568	Unicorn-30068.exe	99
PID 4568 wrote to memory of 1008	4568	Unicorn-30068.exe	99
PID 4568 wrote to memory of 1008	4568	Unicorn-30068.exe	99
PID 3680 wrote to memory of 4872	3680	Unicorn-12659.exe	100
PID 3680 wrote to memory of 4872	3680	Unicorn-12659.exe	100
PID 3680 wrote to memory of 4872	3680	Unicorn-12659.exe	100
PID 3080 wrote to memory of 5084	3080	Unicorn-43450.exe	101
PID 3080 wrote to memory of 5084	3080	Unicorn-43450.exe	101
PID 3080 wrote to memory of 5084	3080	Unicorn-43450.exe	101
PID 4980 wrote to memory of 2140	4980	Unicorn-43031.exe	102

C:\Users\Admin\AppData\Local\Temp\bab3383a1b7192d6885c45a1f386e94a7083c55a5082312631aa4caf60a2e67c.exe
"C:\Users\Admin\AppData\Local\Temp\bab3383a1b7192d6885c45a1f386e94a7083c55a5082312631aa4caf60a2e67c.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10032.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38004.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30068.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2227.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46772.exe
        10⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        11⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        12⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
        13⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22324.exe
        14⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18926.exe
        15⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
        16⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        17⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        18⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        19⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
        20⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        9⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34487.exe
        10⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27438.exe
        11⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36605.exe
        12⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        13⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        14⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
        15⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59310.exe
        16⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
        17⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        18⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        19⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        20⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        21⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        22⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
        23⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22030.exe
        24⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22359.exe
        9⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56116.exe
        10⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        11⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
        12⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39319.exe
        13⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6541.exe
        14⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61205.exe
        15⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53358.exe
        16⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        17⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        18⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
        19⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        20⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22673.exe
        21⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
        22⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 608
        23⤵
        Program crash
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        9⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27438.exe
        10⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
        11⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33431.exe
        12⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        13⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
        14⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        15⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
        16⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
        17⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        18⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37876.exe
        19⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
        20⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62932.exe
        21⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 644
        22⤵
        Program crash
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45624.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34644.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
        9⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        10⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34423.exe
        11⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
        12⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39150.exe
        13⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        14⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
        15⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
        16⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        17⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        18⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        19⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        20⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
        21⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
        22⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46580.exe
        23⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38312.exe
        24⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        25⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
        26⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
        27⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17885.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18964.exe
        10⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59694.exe
        11⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        12⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-397.exe
        13⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
        14⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15927.exe
        15⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        16⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30737.exe
        17⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        18⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
        19⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40695.exe
        20⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58001.exe
        21⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        22⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
        23⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        24⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26923.exe
        25⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9575.exe
        26⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57397.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30071.exe
        9⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        10⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        11⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        12⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        13⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        14⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
        15⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        16⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
        17⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        18⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2003.exe
        19⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55764.exe
        20⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30353.exe
        21⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10631.exe
        22⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
        23⤵
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65489.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        9⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        10⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        11⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
        12⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        13⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        14⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
        15⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        16⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        17⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        18⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        19⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
        20⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
        21⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        22⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        23⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        9⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        10⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        11⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5494.exe
        12⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9805.exe
        13⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36919.exe
        14⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15758.exe
        15⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        16⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        17⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26158.exe
        18⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10608.exe
        19⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        20⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        21⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        22⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        23⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
        9⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        10⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22222.exe
        11⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
        12⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
        13⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        14⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31793.exe
        15⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        16⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        17⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        18⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        19⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47473.exe
        20⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        21⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46152.exe
        22⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46184.exe
        23⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50536.exe
        24⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57672.exe
        25⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24744.exe
        26⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31214.exe
        25⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
        24⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        25⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29495.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6292.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        9⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        10⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        11⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26295.exe
        12⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        13⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        14⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13965.exe
        15⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
        16⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
        17⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        18⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36596.exe
        19⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18676.exe
        20⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50117.exe
        21⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2951.exe
        22⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
        23⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51336.exe
        24⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56773.exe
        25⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
        22⤵
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17524.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32916.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42478.exe
        9⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
        10⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        11⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        12⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39150.exe
        13⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61748.exe
        14⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
        15⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7277.exe
        16⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
        17⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
        18⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        19⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        20⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
        21⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        22⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46580.exe
        23⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
        24⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29835.exe
        25⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        9⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48279.exe
        10⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        11⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35822.exe
        12⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57502.exe
        13⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54958.exe
        14⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
        15⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        16⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        17⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        18⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
        19⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46513.exe
        20⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53460.exe
        21⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
        22⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
        23⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        24⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
        25⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25931.exe
        24⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13204.exe
        16⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        17⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
        18⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        19⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22129.exe
        20⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        21⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54767.exe
        22⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        23⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
        8⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
        9⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        10⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        11⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58862.exe
        12⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39022.exe
        13⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        14⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
        15⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        16⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        17⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        18⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
        19⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36622.exe
        20⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe
        21⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1136.exe
        22⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58379.exe
        23⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29835.exe
        24⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14276.exe
        25⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6292.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        9⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        10⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7030.exe
        11⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
        12⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50647.exe
        13⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
        14⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
        15⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe
        16⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
        17⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 636
        18⤵
        Program crash
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48696.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        8⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
        9⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        10⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27598.exe
        11⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50196.exe
        12⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6541.exe
        13⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
        14⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        15⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
        16⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        17⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24145.exe
        18⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        19⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        20⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        21⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
        22⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3044.exe
        23⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        24⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        25⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        26⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
        8⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35124.exe
        9⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
        10⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        11⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56718.exe
        12⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59607.exe
        13⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        14⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16782.exe
        15⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31287.exe
        16⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
        17⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
        18⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14224.exe
        19⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        20⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        21⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
        7⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
        9⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62958.exe
        10⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60855.exe
        11⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        12⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        13⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        14⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
        15⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        16⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
        17⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        18⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36017.exe
        19⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        20⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35505.exe
        21⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        22⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        23⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        24⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        25⤵
        
        PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12496.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-883.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53144.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        8⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
        9⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12269.exe
        10⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        11⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        12⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
        13⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        14⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
        15⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
        16⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        17⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55611.exe
        18⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        19⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        20⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        21⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        22⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        9⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
        10⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
        11⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        12⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32503.exe
        13⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60433.exe
        14⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
        15⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54327.exe
        16⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47092.exe
        17⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        18⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10739.exe
        19⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44433.exe
        20⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        21⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25250.exe
        22⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        23⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22266.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        8⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
        9⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
        10⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10934.exe
        11⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64887.exe
        12⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        13⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56654.exe
        14⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
        15⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33390.exe
        16⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        17⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46225.exe
        18⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
        19⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16116.exe
        20⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63825.exe
        21⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
        22⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
        23⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44843.exe
        24⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48165.exe
        25⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8007.exe
        26⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12750.exe
        25⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        20⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
        21⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
        22⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9508.exe
        23⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        24⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        25⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        7⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
        8⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8237.exe
        9⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7094.exe
        10⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 492
        11⤵
        Program crash
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        7⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52887.exe
        9⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22222.exe
        10⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
        11⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        12⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        13⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
        14⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
        15⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
        16⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        17⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        18⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5107.exe
        19⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58126.exe
        20⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        21⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        22⤵
        
        PID:512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        23⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
        24⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        8⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42798.exe
        9⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        10⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
        11⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
        12⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31822.exe
        13⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
        14⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        15⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        16⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        17⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38257.exe
        18⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
        19⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 632
        20⤵
        Program crash
        
        PID:5412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45908.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43031.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65332.exe
        9⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        10⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        11⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5869.exe
        12⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe
        13⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18926.exe
        14⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39054.exe
        15⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38103.exe
        16⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
        17⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
        18⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        19⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55611.exe
        20⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        21⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62196.exe
        22⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5427.exe
        23⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        24⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        25⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
        26⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4878.exe
        26⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        9⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
        10⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22222.exe
        11⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25495.exe
        12⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
        13⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
        14⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        15⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        16⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65422.exe
        17⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        18⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49166.exe
        19⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        20⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        21⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        22⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65192.exe
        23⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29576.exe
        24⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11050.exe
        25⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
        25⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56407.exe
        9⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
        10⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        11⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        12⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        13⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4112.exe
        14⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54583.exe
        15⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        16⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
        17⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27438.exe
        18⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        19⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        20⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        21⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
        22⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53132.exe
        22⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
        23⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        24⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20337.exe
        24⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7674.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47735.exe
        8⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        9⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        10⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        11⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        12⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        13⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
        14⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50350.exe
        15⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        16⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        17⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        18⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25332.exe
        19⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        20⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        21⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
        22⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26696.exe
        23⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
        24⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        8⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35124.exe
        9⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
        10⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64887.exe
        11⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26295.exe
        12⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36919.exe
        13⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35662.exe
        14⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12502.exe
        15⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57742.exe
        16⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
        17⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3696.exe
        18⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        19⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
        20⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        21⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
        22⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44485.exe
        23⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        24⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        25⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17015.exe
        9⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9005.exe
        10⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35927.exe
        11⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        12⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64958.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        8⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35124.exe
        9⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59694.exe
        10⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        11⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37620.exe
        12⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        13⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
        14⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
        15⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31700.exe
        16⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
        17⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        18⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41998.exe
        19⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
        20⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
        21⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        22⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60520.exe
        23⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        24⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        25⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11380.exe
        18⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34161.exe
        19⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        20⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26696.exe
        21⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
        22⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        23⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe
        24⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
        22⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48683.exe
        23⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 720
        21⤵
        Program crash
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14074.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16250.exe
        7⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        9⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        10⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe
        11⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        12⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22638.exe
        13⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
        14⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
        15⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        16⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57937.exe
        17⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
        18⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
        19⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        20⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
        21⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46580.exe
        22⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45416.exe
        23⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        24⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52376.exe
        6⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        7⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
        8⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
        9⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
        10⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35822.exe
        11⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49806.exe
        12⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        13⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
        14⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 632
        15⤵
        Program crash
        
        PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
        8⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17015.exe
        9⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18103.exe
        10⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2678.exe
        11⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        12⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        13⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
        14⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        15⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62798.exe
        16⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26990.exe
        17⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        18⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        19⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
        20⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        21⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
        22⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        23⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29768.exe
        24⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
        25⤵
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24119.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
        7⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17015.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        9⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33431.exe
        10⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        11⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
        12⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35470.exe
        13⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50030.exe
        14⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28215.exe
        15⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
        16⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41486.exe
        17⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
        18⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37809.exe
        19⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54260.exe
        20⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        21⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        22⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7210.exe
        23⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
        24⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22132.exe
        17⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
        18⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
        19⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28808.exe
        20⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        21⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
        22⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
        21⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43319.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        6⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3158.exe
        7⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
        8⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        9⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-374.exe
        10⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        11⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30263.exe
        12⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54231.exe
        13⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29399.exe
        14⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11597.exe
        15⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17582.exe
        16⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        17⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        18⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        19⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7856.exe
        20⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65192.exe
        21⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
        22⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
        23⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20337.exe
        23⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
        6⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39031.exe
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
        8⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe
        9⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        10⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
        11⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        12⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31822.exe
        13⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
        14⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        15⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
        16⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        17⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27281.exe
        18⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
        19⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
        20⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
        21⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64293.exe
        22⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30027.exe
        22⤵
        
        PID:6628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55793.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25329.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44660.exe
        8⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
        9⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53655.exe
        10⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30551.exe
        11⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        12⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
        13⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        14⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        15⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        16⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46414.exe
        17⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22996.exe
        18⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10064.exe
        19⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40695.exe
        20⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        21⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46580.exe
        22⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        23⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53058.exe
        24⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        8⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31159.exe
        9⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
        10⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        11⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        12⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56686.exe
        13⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        14⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        15⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50740.exe
        16⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3027.exe
        17⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        18⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
        19⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6320.exe
        20⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36293.exe
        21⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
        22⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40829.exe
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
        8⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 632
        9⤵
        Program crash
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        7⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
        9⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
        10⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
        11⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        12⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        13⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
        14⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
        15⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13782.exe
        16⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43153.exe
        17⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36535.exe
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
        9⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33431.exe
        10⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        11⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        12⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        13⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23182.exe
        14⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
        15⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        7⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
        9⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19406.exe
        10⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-374.exe
        11⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        12⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34103.exe
        13⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        14⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        15⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
        16⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
        17⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        18⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
        19⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        20⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15793.exe
        21⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54260.exe
        22⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60709.exe
        23⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        24⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        6⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        9⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
        10⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        11⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4461.exe
        12⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32654.exe
        13⤵
        
        PID:420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
        14⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
        15⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
        16⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22417.exe
        17⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65492.exe
        18⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
        19⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39345.exe
        20⤵
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1712.exe
        21⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
        22⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        23⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        24⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29637.exe
        25⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38219.exe
        24⤵
        
        PID:4208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40759.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12496.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4374.exe
        7⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43127.exe
        8⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9142.exe
        9⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
        10⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33431.exe
        11⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        12⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
        13⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38103.exe
        14⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58542.exe
        15⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2614.exe
        16⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31287.exe
        17⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        18⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4535.exe
        19⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
        20⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 724
        21⤵
        Program crash
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        7⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        8⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
        9⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
        10⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
        11⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58103.exe
        12⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39246.exe
        13⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
        14⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        15⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        16⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
        17⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25332.exe
        18⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
        19⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        20⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        21⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2298.exe
        6⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44471.exe
        7⤵
        
        PID:444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41373.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        6⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        7⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38589.exe
        8⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43607.exe
        9⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64119.exe
        10⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        10⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42260.exe
        11⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        12⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        13⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
        14⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1456.exe
        15⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15918.exe
        16⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        17⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
        18⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
        19⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
        20⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        21⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57480.exe
        22⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
        23⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42804.exe
        6⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32052.exe
        8⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
        9⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        10⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        11⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9488.exe
        12⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54583.exe
        13⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        14⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41617.exe
        15⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        16⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10739.exe
        17⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        18⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        19⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65384.exe
        20⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28040.exe
        21⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
        22⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32616.exe
        23⤵
        
        PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17748.exe
        6⤵
        Executes dropped EXE
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
        7⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
        8⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48279.exe
        9⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33431.exe
        10⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        11⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49111.exe
        12⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        13⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
        14⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39086.exe
        15⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57844.exe
        16⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        17⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39694.exe
        18⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
        19⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 604
        20⤵
        Program crash
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19997.exe
        6⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17015.exe
        7⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9965.exe
        8⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1718.exe
        9⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
        10⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        11⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        12⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50350.exe
        13⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
        14⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        15⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
        16⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        17⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28529.exe
        18⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
        19⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        20⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        21⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22030.exe
        22⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
        23⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14183.exe
        24⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51608.exe
        5⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        6⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
        7⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        8⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22650.exe
        9⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39022.exe
        10⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
        11⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
        12⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
        13⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        14⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        15⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
        16⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2003.exe
        17⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        18⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 632
        19⤵
        Program crash
        
        PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1484 -ip 1484
1⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6744 -ip 6744
1⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2116 -ip 2116
1⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4728 -ip 4728
1⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4820 -ip 4820
1⤵
PID:1168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2752 -ip 2752
1⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5280 -ip 5280
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 2368 -ip 2368
1⤵
PID:3076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5948 -ip 5948
1⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6784 -ip 6784
1⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1668 -ip 1668
1⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
1⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3844 -ip 3844
1⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
1⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-5543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5543.exe
1⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
1⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-37256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37256.exe
1⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-56773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56773.exe
1⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1108 -ip 1108
1⤵
PID:6776

C:\Users\Admin\AppData\Local\Temp\Unicorn-9575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9575.exe
1⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 608
1⤵
- Program crash
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6212 -ip 6212
1⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-7271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7271.exe
1⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe
1⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 600
1⤵
- Program crash
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
1⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
1⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 632
1⤵
- Program crash
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
1⤵
PID:5504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10032.exe

Filesize
192KB

MD5
c77805c7dd28d978de4e8a3df391a6f0

SHA1
f7062b0bd975c820f205a3a855a8099b6cefc848

SHA256
ca5e225a3297ea86e34f6348e53ede4f4ad35ecda9f46a452b0a9bb5aa3dc664

SHA512
0dd3f7eda5caa00bf34a13adaa30b87229d86fc8c48c2cd4b5b0a6ad783708e80888d8e791f0a632eff47f140d5ed4047f4174443de6da5afb061b5a4bd824c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12496.exe

Filesize
192KB

MD5
729646427c62195939dbff5dd5dfe70a

SHA1
8b5df7af96d65b3b2ea1a447c3e7cd1007b099d1

SHA256
5e9caa0daa079511d7a3e976a31c9cf357028cd4bf17591ffb223c9415759dc5

SHA512
df631d83040e4fe4effb2063fb516be1f53e63469c146df21e8eb0993466a5de82b8f58a18c318eeb0334c6306ea4cb730e46a7e5c084a60be7ba4e38931a5b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe

Filesize
192KB

MD5
68a650abffc14ba220708112bb730aa4

SHA1
b5dee5242ebe4b72c4be4eae68cb16e9cbcff1f5

SHA256
3aefe740f523d0415909ae5a5d5b4674271ab60dad046df5d3d5654736a53264

SHA512
6bbe7c12c446eb39904b16cf48c9af8251d49500c91aa9b259d79da08fe6cd893f9cf90dd34ab8a59c1648e0acb3b5a22f8c843ef36e6efa76fb499073772219

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14074.exe

Filesize
192KB

MD5
0849fe2c67ad988edacd37aa9e06445b

SHA1
aed1a6a2534951d8f13494de2033f091bd212043

SHA256
f8d48bc52d6ea275ca138f266064b401551784aceabc153fa67ab0879168323b

SHA512
e3cab378b187ec18eb369e1ff6c4bb7fd0324aa123a5499393b6d5b87cf6e34613d0009085a1822045df94a0dbc7f623e4f8b1cfec8b8d89a46b15604fd2f559

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe

Filesize
192KB

MD5
e847ad74033bb6385d857f97d8559fd6

SHA1
c4b49359af0148e6b534ec55eb7888f1499c4e6e

SHA256
f498ccf53909b839d54577073a805c177d226bf853cc4adb141c3fed0d2c76e0

SHA512
d2ed6bd365e0767ec1c4413adb775d5bef97a1a0e58cbc2bfa7e2e5978c1890d9f6c4e92b72419994fcefde445d0874302ddcf5a2b1cac2added7937ecb761fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe

Filesize
192KB

MD5
d05021d48b829360a1ee4971328c9389

SHA1
f43448022475512e89a2f433fd7e017888359f30

SHA256
70b0dc22ef2c9f68d103262a4f42c76da1d9338550c628b0b908d19d9ee9e370

SHA512
29a32ae0fbdb902498c9f69a177ec599552479786e3d7e0c6f0f3d916a2b40a10e4a31e6995fee8d6f940ac668794b221a1f018445bae7b5905b214540894478

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe

Filesize
192KB

MD5
2e79d99a9f37f472d7ea9de792e0e23c

SHA1
bbc17848fcc6bb6bc01199081a9a72d4908a9ffd

SHA256
86498131823c1ebcdcc1961f12e6c7229237f8a33394bb26f799dcc02ee2f150

SHA512
c49be7864990ad9cae5e1d94dfe65e1a268e06d1c8da6c01eda2caddf6855dc4ea65e22b57ea3bdf59a3eaac8370037b1d7960b50c67bf00dab1e68ab2e7942c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe

Filesize
192KB

MD5
d66dc8ef4ca287a0895c79d6f23b2cf8

SHA1
6f8ff73944a8f8b469ce7390eed299f6d0013856

SHA256
49f869a638421e377165af522c24c3353f6e2f3f638d250b4d7d1e032fd11fa0

SHA512
28bd20a30c6d8bf6e0a5e5b8c28028b5406eb38f48bc34f60838aa51cc63882cfaccf100345eb84bb3ff2cc0fdd2c74c588a109c792e3aac67eb331b7c6d7d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe

Filesize
192KB

MD5
4b74d96eb50656b755da0e6b6e4ae984

SHA1
b142e7c742e353acdd8e3c80e51eaf7ca133c9ab

SHA256
0fb8c469844a9efb16a03a1e31a42f5a245a0a4401848f8f57a341439847b27c

SHA512
bdfe3ee510830f7056678e87f4965da736abc82accad0674b2c3f56d0ee9d6b5343c194876e2fa092f12f0b5c3a1a6f34dedc01686b23ef73f8de40bf92f7389

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2227.exe

Filesize
192KB

MD5
5852791d9d55e6f4befd034ee7188cad

SHA1
5354d3975d20782bf0bcfe92483f9cdf44f470a8

SHA256
5824d7b0c43a06ca2e419163926f94d68e184d1a3a3a689459c53e05b50c86fe

SHA512
274f2ef3a2dd1c91ce057b753726e93a1678e821f44e0ec8df0ae34f4754540f28051d4a7bd5dc282cbe5910ac76e70c56155e305af60e92b75b81a712240153

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe

Filesize
192KB

MD5
caefc52b5a2daf86351cdbd7497f7b7b

SHA1
64afa3b1061d123ab8ff0308dbe42d67f9065567

SHA256
6a260f52617141870263c7ddf939949a8fe53e37ffb82b5234cb45df29ad0e35

SHA512
24c06ff2ea9b31c11edefaca0746dae7d8301e915eb98debb6450b4213a84b746cea37c50974325ba873a846551a5ff308b5b4519d2c85dd974cb40acd609c45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30068.exe

Filesize
192KB

MD5
56bacdd21676581df5cc48a044e2a93d

SHA1
8eaf3acc5c74e9c5cf1ce4e25a0810d7d9f94fb3

SHA256
00d3806c999b0540b2cc1f85da5be8fb3de6c221e409e5c37159460091796cc1

SHA512
a55196081e661039d0b640ac51cc42750029b16f00e03b4126d6d3cf1bc545b120e5463863e7316f2960c88fe4b0fbabe9cae90f0515d7682a35ddec6389809b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3158.exe

Filesize
192KB

MD5
a67a294a39b1745acffc7b49aa090ae5

SHA1
b2dad0e713642cc012a396b17e1f9b30a424b3ad

SHA256
651b56df3aa838f8940fa19070760e159b4a17d4233bae421c316bbb838bd635

SHA512
99c43f39b7d47dca37f738a39f5172888533a558507dd43f309c71bc4550ff889a66a20c5a216df8c27001b4ced1b90908fcce1ecf6f9468f2434779055518f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe

Filesize
192KB

MD5
a985471d51555e26644fb1c3d26c53d6

SHA1
d1ea9b1dd3650c78fed68b3886e2f4a9ce07b8e1

SHA256
16a76b26ba7831593d74e21c305f89040e3257beb9e97370341d626c0d446861

SHA512
0e2f2b1237c07c58955c45b54199567da79e9b95d0358de3ba5a30a83c0830375f5971f7e8ed5e60dece8b57e018f0a041412e8d95d91890d6b332d27a9073d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe

Filesize
192KB

MD5
d775b470a847dfa3eb7ff7b10d39b911

SHA1
aa703a4af6eabb2617200b0264b4b71567b48208

SHA256
1353ac3b7e532d84f299cd721905ad4926dc80eb95bac5760510b6d68f170a8d

SHA512
8f41b6e853f38c2910589caec3275065dcb33bee479144d13759afdd8f6c346dc462adef74eb5133d5eb63a806b7848aab38f378b3291031fa201bc407852db0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38004.exe

Filesize
192KB

MD5
293c3ece4f20510549d884369a54a535

SHA1
c853295b3fd750ad2a696a0af90135a7e88796a1

SHA256
19422c766c1c437d203a51b822b9abd86935c7cb320fbb30e835c15fed09dc14

SHA512
cd51c51adbd2bd2476e76d4a477bbfd4570cf3cbcb7a9544049e54abf156e50418fa185319c3983e40b9fbeae1460128bd2a60ad0f326ff15e20de905e09c0fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe

Filesize
192KB

MD5
af6b984bbc5c3b20f553eb0a9bc9b2ea

SHA1
e5da34afc64945fd5a0d72d8238bf022a9289c86

SHA256
f16fac3c52f6605a12b297aa8aefd59d5c559c1e87a215a791aab3e86cd65558

SHA512
f510a3b23b9cb0823c5ea01ab02f2fdc5cc1803d571c2cd5b1199fbcb6dde0c6a7fb88c3f885a144b1ba985650a241573d20971500fc70913fccb8fe110b18a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe

Filesize
192KB

MD5
591baa6852913d7495f9779ce12e43f5

SHA1
ad03538437dafd8817c0a055ebfa6a7dc9a74335

SHA256
012cdf928f2f00c04b2e41114972a3a2c51e9a69d367bfa6a7b2ca95e7aeba09

SHA512
134830928196ae9b910c7f35633017910fe88e3edb3a51b746ab264d02c99d8af5b03a0eaaba25ac4a0a227114c0db21df3a6215b9d8814b584de6a9112fbdd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40378.exe

Filesize
192KB

MD5
64df6633e86071884c3882ebb1890e29

SHA1
02b2ae02634ba34c8491d7fe3f8991d3214fb4a5

SHA256
500ad03635ae1409e4e7be1d032388e29acc7c178aad443ed76fcbd6523106f0

SHA512
a55e5854eda90c9db00d1bbf18971d60900c8a9275a82d2749f11c5e5e77ed239c721a25a4c29b74c3d0fee373ec456e4e8c3a4699fe17b1c470cbd5054addcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40759.exe

Filesize
192KB

MD5
f195cf947ed9d05e5091129f7a1a55ab

SHA1
a9678c8dcc371f9715ae6eb402166d2945a6d7fc

SHA256
13ba5874c86729659ece51e89fb3aaa37c8f17f04421b6e2b1a47a59f6c5f493

SHA512
ed4976ffc592a93161456501019ad1c82d72a16773fcae6c8445510cdc53fe3f77e15a660ae1d1409c1dc805416b95dc039b1167c40fa8c3c007bf8f8c060caf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe

Filesize
192KB

MD5
ca276122b6c45c5fc8403a984c9fc843

SHA1
acf3856b25f50a68af0ce8e039a4154a7a74dd42

SHA256
cde1054f59dde263f12ef773fcb9c604edfbdb9d3994d545f48ae1d7183d3dab

SHA512
dc709cba7a196bf1d73e52d30a88660f4ffdb85470be531a817512632caf2b39447a02df9d925778aa05fea0b3c70d7b494a3c909b0ca8ae5b76d72cbd1f65d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43031.exe

Filesize
192KB

MD5
13e529f7b7397d0976fd7a86b44b14a2

SHA1
1072ec01258d7384bbda74f593b160df8551223a

SHA256
e0c703b9b9ac9edef5ab5c68a698baace6e95ec232a601e46f78c8b8b8e3cdc5

SHA512
35dd449bf60ce6d134181f6c885aba9b53451fcef11a56693b5d22b1b388198f8cb405042c7d2e49f6fe3b55855da589b4f367c704636441a5d226ad4e2ec145

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe

Filesize
192KB

MD5
84a7cc6d2c0e48b8143e32e495927926

SHA1
0de1a2ff37a9b289bffc5d450a9b54a7d296c304

SHA256
4189decc8fd9fd77aac5935c4d080637fe9cf60e4c9c44292b828106c3f6bce3

SHA512
b1cca84f2fa600054464b7a22c8d2e93a64f26ee72365c28ba80a92fd438574098ffc25131224009090b3cc19fb5b0417ad1ba5080c758a1beec3bc4a54931d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45908.exe

Filesize
192KB

MD5
d7b1f946a1eba9e500145473b1a537a7

SHA1
448eaf1ca436ae11bbe3243870cc981e353e1e52

SHA256
3fbbfc6194593d6d916a7cd50623361d48988bf3d3019a4fb122e5ff22a32cf0

SHA512
faad6ce92a1a3a7ba93f9d7a7eff5db14d4ba2e85032c2761bb919565b6d5049b3bff9673bf0dc3f5a6eac1c45b8afa2593d22147d69a0f378b18eadfef44d28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe

Filesize
192KB

MD5
ea0f64c9ad4bb0c6ee7ebea5858246ba

SHA1
8d68b4adf507b5d5e7c403706367eff924e4a457

SHA256
33e18d1f4dcaea8334db8bbef6bb86c0ce7d62fbdf0da5d7cab636f9d05c0074

SHA512
d07355fb68a5f8b83e993e08338a9aac645157a6574f751c99968400234a71a5fc18b4d5f6c5cc6d6ae351993c171db16f6cb8e655b5fe27cc5edbdcfb3de907

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe

Filesize
192KB

MD5
8f0ae4d897d93e24cf1cfdece7e5a8aa

SHA1
a93972d60d3536260161199a49abf6d47d406aaa

SHA256
0d210143038c8bf997e7d724179becf9a964da7a45c3aa8ebf40f3a59f465d66

SHA512
8237de206828743278a55521de06e6625493aa602fcf44e47aadd6dea4ffec713263111b2f951ddb77eef016907ff8d4b62d8783963341562a05508260ad9b3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe

Filesize
192KB

MD5
edb963d4e93dcb7f1a24217ffbd35adc

SHA1
8202edf573f1fca3acddd701ab9f231c202affc5

SHA256
cd86b29850cff8bbeaa8429f5e0e78f1a3d2b133e2b9d43017f4ea11ccd0db09

SHA512
5ca66056c9b74c8841cc98deb8df512cf1a9758b6be1cbe2c1dfa6d09d692b1b142810cf2fe0aed10a0ab5daee2df0d8c831e458ad1b2e26e245630b6daaf7df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe

Filesize
192KB

MD5
f1c227ce14252b26632934e198616299

SHA1
267b3f033ffc50b9fb8f217d79deab184b2a0293

SHA256
34542685ef8ed53e1f6ddac29d75222b28d2bd3c1200a5e5f412432a04f2bfc3

SHA512
3dd3790e0e0b48b6e9e3a32e1870b9cf53f64b3652ad785e52442b8e3a35097dc316be178de92a7b9125e8e097e88cf5fa9958773b7f5bd15c09108e3615bdfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe

Filesize
192KB

MD5
3626882a2509775fb39b9e097c0323be

SHA1
858e26256409f605148bccf9e25935deade0d45a

SHA256
71af6c9d04887f8ef2e1def1a52695f1a72a3bae58d25251e5aea5042d56da1e

SHA512
bc43d4beb6f1b2bb5a9c339d38e766f6e587603152baf9005318288700cdc8ff4ee3b05d1f75063e9af0bf929603c180a0e9d3a9439a746b3e0ac63c2b8f4987

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55793.exe

Filesize
192KB

MD5
8448e4e811fb0e1a881668530af94037

SHA1
5b637393f5dfce99179f2250abe9b5e2c54d9bd2

SHA256
905945f16bcf6a57dec714e52023e6f80f55b170d7b9f6d20864273d5e69e760

SHA512
e79dcf733232b31a8137e0afd0bc6fe4b5fc983ee8d79b40c500031c06354bd02eab96a01bd1f2366bb3f47ad43cac96b808498a38ba03d8a457ca1662d46203

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58001.exe

Filesize
192KB

MD5
5a5fae2f3277bf4bfae6c6d45bb3e1dc

SHA1
d948f7fa3747b6e2782d448e8fbc6cccf870d490

SHA256
8e20a6c3a9eefc0c20c4279129df6c52e6aadaa3180b41b1a86662a706a982bc

SHA512
e8ecf9410f1d5b0b09f3dc3a95e089d7c91f3241fabe079b3fc5cea6ba8ea73916024b609f732988031844ab7c419da3dc7574d36c8f3e939f09420f2180ba5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe

Filesize
192KB

MD5
18d02949f4768e0537577eca7fd4cb5d

SHA1
769d4d47b00c6dc12ab06af6dcc7be314db0da4d

SHA256
754e8bf0ee248cea3b63aaf1146abdf0abcaa009fb7d2acd26aa20ea29ef741f

SHA512
35d2201b27b6d45da5b125a0590c1135eb90d34a360badbd0c64f8fa48581e7ef8bfee9935466d8f64b62b0de4242e0b564f6dc6fd4bdafff48cac772f7f3a05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65489.exe

Filesize
192KB

MD5
2d5900b35e1bcc68269f56969763fa06

SHA1
9c56c3bf87aa2bddba3bc4d1f7623c9d2dd87f6c

SHA256
49e15938ba106efcf33dc7fcc4044282d7e9bd66141da60b576317ea4cb236e0

SHA512
f791ea0b838ad2b049ed4115eb5fba3dd586018c698056d32c4a167fae02c338d746e3724cfc0b0dc61b7e6608567798281571aaf42ffaebab00daa9f183bac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe

Filesize
192KB

MD5
0fd0461b30e2cd574ad1c91a477aaa57

SHA1
94a7ccd1fe1af39d52ee04a9730c708fcf9e93e6

SHA256
739c492050e50f633385c2966addaee93f6ebdef4ed9c87d3983d891243bab9e

SHA512
919e83c1e57ba8794339ec9368d76f54dab182bcb97d0f669398952e2ea7c0b0f3df82f61e9fed1c6347e144e57e3434dea0c5131af0570332ef7dab0c7c9932

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-883.exe

Filesize
192KB

MD5
33c44e126eb9f10c13be41beae81dd63

SHA1
62af6ba457445523c4de0ff1bf3fd6bb0394c64e

SHA256
cc41af1e2eb11531ed00e718d3a2ecf1c0c765d67394d55eddba28e77c1e0477

SHA512
f6efa686b8f6218d6bee08ffb2e990ad25da6acacbdb545f54a5ce1292d834400d4a90207ea9ca50d4273e76d5b34ccf32a7e1d80e967ac480c2afb8494d0827

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads